SUSE-SU-2026:0644-1
- Source
- https://www.suse.com/support/update/announcement/2026/suse-su-20260644-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0644-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2026:0644-1
- Upstream
- Related
- Published
- 2026-02-25T16:28:23Z
- Modified
- 2026-02-26T16:17:03.977544Z
- Summary
- Security update for python312
- Details
-
This update for python312 fixes the following issues:
- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).
- References
-
- https://www.suse.com/support/update/announcement/2026/suse-su-20260644-1/
- https://bugzilla.suse.com/1257029
- https://bugzilla.suse.com/1257031
- https://bugzilla.suse.com/1257041
- https://bugzilla.suse.com/1257042
- https://bugzilla.suse.com/1257044
- https://bugzilla.suse.com/1257046
- https://www.suse.com/security/cve/CVE-2025-11468
- https://www.suse.com/security/cve/CVE-2025-15282
- https://www.suse.com/security/cve/CVE-2025-15366
- https://www.suse.com/security/cve/CVE-2025-15367
- https://www.suse.com/security/cve/CVE-2026-0672
- https://www.suse.com/security/cve/CVE-2026-0865
Affected packages
openSUSE:Leap 15.6
python312
Package
- Name
- python312
- Purl
- pkg:rpm/opensuse/python312&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.12.12-150600.3.43.1
Ecosystem specific
{
"binaries": [
{
"python312-idle": "3.12.12-150600.3.43.1",
"libpython3_12-1_0": "3.12.12-150600.3.43.1",
"python312-tools": "3.12.12-150600.3.43.1",
"python312-curses": "3.12.12-150600.3.43.1",
"python312-testsuite": "3.12.12-150600.3.43.1",
"libpython3_12-1_0-32bit": "3.12.12-150600.3.43.1",
"python312-dbm": "3.12.12-150600.3.43.1",
"python312-32bit": "3.12.12-150600.3.43.1",
"python312-doc-devhelp": "3.12.12-150600.3.43.1",
"python312-tk": "3.12.12-150600.3.43.1",
"python312": "3.12.12-150600.3.43.1",
"python312-base": "3.12.12-150600.3.43.1",
"python312-doc": "3.12.12-150600.3.43.1",
"python312-base-32bit": "3.12.12-150600.3.43.1",
"python312-devel": "3.12.12-150600.3.43.1"
}
]
}python312-core
Package
- Name
- python312-core
- Purl
- pkg:rpm/opensuse/python312-core&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.12.12-150600.3.43.1
Ecosystem specific
{
"binaries": [
{
"python312-idle": "3.12.12-150600.3.43.1",
"libpython3_12-1_0": "3.12.12-150600.3.43.1",
"python312-tools": "3.12.12-150600.3.43.1",
"python312-curses": "3.12.12-150600.3.43.1",
"python312-testsuite": "3.12.12-150600.3.43.1",
"libpython3_12-1_0-32bit": "3.12.12-150600.3.43.1",
"python312-dbm": "3.12.12-150600.3.43.1",
"python312-32bit": "3.12.12-150600.3.43.1",
"python312-doc-devhelp": "3.12.12-150600.3.43.1",
"python312-tk": "3.12.12-150600.3.43.1",
"python312": "3.12.12-150600.3.43.1",
"python312-base": "3.12.12-150600.3.43.1",
"python312-doc": "3.12.12-150600.3.43.1",
"python312-base-32bit": "3.12.12-150600.3.43.1",
"python312-devel": "3.12.12-150600.3.43.1"
}
]
}python312-documentation
Package
- Name
- python312-documentation
- Purl
- pkg:rpm/opensuse/python312-documentation&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.12.12-150600.3.43.1
Ecosystem specific
{
"binaries": [
{
"python312-idle": "3.12.12-150600.3.43.1",
"libpython3_12-1_0": "3.12.12-150600.3.43.1",
"python312-tools": "3.12.12-150600.3.43.1",
"python312-curses": "3.12.12-150600.3.43.1",
"python312-testsuite": "3.12.12-150600.3.43.1",
"libpython3_12-1_0-32bit": "3.12.12-150600.3.43.1",
"python312-dbm": "3.12.12-150600.3.43.1",
"python312-32bit": "3.12.12-150600.3.43.1",
"python312-doc-devhelp": "3.12.12-150600.3.43.1",
"python312-tk": "3.12.12-150600.3.43.1",
"python312": "3.12.12-150600.3.43.1",
"python312-base": "3.12.12-150600.3.43.1",
"python312-doc": "3.12.12-150600.3.43.1",
"python312-base-32bit": "3.12.12-150600.3.43.1",
"python312-devel": "3.12.12-150600.3.43.1"
}
]
}SUSE:Linux Enterprise Server 15 SP6-LTSS
python312
Package
- Name
- python312
- Purl
- pkg:rpm/suse/python312&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.12.12-150600.3.43.1
Ecosystem specific
{
"binaries": [
{
"python312-dbm": "3.12.12-150600.3.43.1",
"python312-idle": "3.12.12-150600.3.43.1",
"libpython3_12-1_0": "3.12.12-150600.3.43.1",
"python312-tk": "3.12.12-150600.3.43.1",
"python312": "3.12.12-150600.3.43.1",
"python312-tools": "3.12.12-150600.3.43.1",
"python312-base": "3.12.12-150600.3.43.1",
"python312-curses": "3.12.12-150600.3.43.1",
"python312-devel": "3.12.12-150600.3.43.1"
}
]
}python312-core
Package
- Name
- python312-core
- Purl
- pkg:rpm/suse/python312-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.12.12-150600.3.43.1
Ecosystem specific
{
"binaries": [
{
"python312-dbm": "3.12.12-150600.3.43.1",
"python312-idle": "3.12.12-150600.3.43.1",
"libpython3_12-1_0": "3.12.12-150600.3.43.1",
"python312-tk": "3.12.12-150600.3.43.1",
"python312": "3.12.12-150600.3.43.1",
"python312-tools": "3.12.12-150600.3.43.1",
"python312-base": "3.12.12-150600.3.43.1",
"python312-curses": "3.12.12-150600.3.43.1",
"python312-devel": "3.12.12-150600.3.43.1"
}
]
}SUSE:Linux Enterprise Server for SAP Applications 15 SP6
python312
Package
- Name
- python312
- Purl
- pkg:rpm/suse/python312&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.12.12-150600.3.43.1
Ecosystem specific
{
"binaries": [
{
"python312-dbm": "3.12.12-150600.3.43.1",
"python312-idle": "3.12.12-150600.3.43.1",
"libpython3_12-1_0": "3.12.12-150600.3.43.1",
"python312-tk": "3.12.12-150600.3.43.1",
"python312": "3.12.12-150600.3.43.1",
"python312-tools": "3.12.12-150600.3.43.1",
"python312-base": "3.12.12-150600.3.43.1",
"python312-curses": "3.12.12-150600.3.43.1",
"python312-devel": "3.12.12-150600.3.43.1"
}
]
}python312-core
Package
- Name
- python312-core
- Purl
- pkg:rpm/suse/python312-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.12.12-150600.3.43.1
Ecosystem specific
{
"binaries": [
{
"python312-dbm": "3.12.12-150600.3.43.1",
"python312-idle": "3.12.12-150600.3.43.1",
"libpython3_12-1_0": "3.12.12-150600.3.43.1",
"python312-tk": "3.12.12-150600.3.43.1",
"python312": "3.12.12-150600.3.43.1",
"python312-tools": "3.12.12-150600.3.43.1",
"python312-base": "3.12.12-150600.3.43.1",
"python312-curses": "3.12.12-150600.3.43.1",
"python312-devel": "3.12.12-150600.3.43.1"
}
]
}