SUSE-SU-2026:20796-1

CVE-2025-6075: quadratic complexity in os.path.expandvars() (bsc#1252974).
CVE-2025-11468: header injection with carefully crafted inputs (bsc#1257029).
CVE-2025-12084: quadratic complexity in xml.minidom node ID cache clearing (bsc#1254997).
CVE-2025-13836: potential memory denial of service in the http.client module (bsc#1254400).
CVE-2025-13837: potential memory denial of service in the plistlib module (bsc#1254401).
CVE-2025-15282: control characters in URL media types data (bsc#1257046).
CVE-2026-0672: control characters in http.cookies.Morsel fields and values (bsc#1257031).
CVE-2026-0865: C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042).

References

Affected packages

SUSE:Linux Micro 6.0 / python311

Package

Name: python311
Purl: pkg:rpm/suse/python311&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.11.15-1.1

Ecosystem specific

{
    "binaries": [
        {
            "libpython3_11-1_0": "3.11.15-1.1",
            "python311-base": "3.11.15-1.1",
            "python311-curses": "3.11.15-1.1",
            "python311": "3.11.15-1.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20796-1.json"

SUSE:Linux Micro 6.0 / python311-core

Package

Name: python311-core
Purl: pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.11.15-1.1

Ecosystem specific

{
    "binaries": [
        {
            "libpython3_11-1_0": "3.11.15-1.1",
            "python311-base": "3.11.15-1.1",
            "python311-curses": "3.11.15-1.1",
            "python311": "3.11.15-1.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20796-1.json"