Описание
Security update for python
This update for python fixes the following issues:
- CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel. (bsc#1257031)
- CVE-2026-0865: Fixed a bug where a user-controlled header containing newlines can allow injecting HTTP headers. (bsc#1257042)
- CVE-2025-15366: Fixed a bug wherer a user-controlled command can allow additional commands injected using newlines. (bsc#1257044)
- CVE-2025-15367: Fixed control characters which may allow the injection of additional commands. (bsc#1257041)
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP7
libpython2_7-1_0-2.7.18-150000.102.1
python-2.7.18-150000.102.1
python-base-2.7.18-150000.102.1
python-curses-2.7.18-150000.102.1
python-gdbm-2.7.18-150000.102.1
python-xml-2.7.18-150000.102.1
openSUSE Leap 15.6
libpython2_7-1_0-2.7.18-150000.102.1
libpython2_7-1_0-32bit-2.7.18-150000.102.1
python-2.7.18-150000.102.1
python-32bit-2.7.18-150000.102.1
python-base-2.7.18-150000.102.1
python-base-32bit-2.7.18-150000.102.1
python-curses-2.7.18-150000.102.1
python-demo-2.7.18-150000.102.1
python-devel-2.7.18-150000.102.1
python-doc-2.7.18-150000.102.1
python-doc-pdf-2.7.18-150000.102.1
python-gdbm-2.7.18-150000.102.1
python-idle-2.7.18-150000.102.1
python-tk-2.7.18-150000.102.1
python-xml-2.7.18-150000.102.1
Ссылки
- Link for SUSE-SU-2026:0590-1
- E-Mail link for SUSE-SU-2026:0590-1
- SUSE Security Ratings
- SUSE Bug 1254867
- SUSE Bug 1257031
- SUSE Bug 1257041
- SUSE Bug 1257042
- SUSE Bug 1257044
- SUSE CVE CVE-2025-15366 page
- SUSE CVE CVE-2025-15367 page
- SUSE CVE CVE-2026-0672 page
- SUSE CVE CVE-2026-0865 page
Описание
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.102.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.102.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.102.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.102.1
Ссылки
- CVE-2025-15366
- SUSE Bug 1257044
Описание
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.102.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.102.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.102.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.102.1
Ссылки
- CVE-2025-15367
- SUSE Bug 1257041
Описание
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.102.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.102.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.102.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.102.1
Ссылки
- CVE-2026-0672
- SUSE Bug 1257031
Описание
User-controlled header names and values containing newlines can allow injecting HTTP headers.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.102.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.102.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.102.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.102.1
Ссылки
- CVE-2026-0865
- SUSE Bug 1257042