Описание
Security update for python3
This update for python3 fixes the following issues:
- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).
Список пакетов
Container suse/manager/4.3/proxy-httpd:latest
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-salt-broker:latest
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-ssh:latest
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-tftpd:latest
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
Container suse/sle-micro-rancher/5.2:latest
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
Container suse/sle-micro/5.2/toolbox:latest
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
Image SLES15-SP7-GCE-3P
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
python3-curses-3.6.15-150300.10.106.1
Image SLES15-SP7-SAP-GCE-3P
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
python3-curses-3.6.15-150300.10.106.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
python3-curses-3.6.15-150300.10.106.1
python3-dbm-3.6.15-150300.10.106.1
python3-devel-3.6.15-150300.10.106.1
python3-idle-3.6.15-150300.10.106.1
python3-tk-3.6.15-150300.10.106.1
python3-tools-3.6.15-150300.10.106.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
python3-curses-3.6.15-150300.10.106.1
python3-dbm-3.6.15-150300.10.106.1
python3-devel-3.6.15-150300.10.106.1
python3-idle-3.6.15-150300.10.106.1
python3-tk-3.6.15-150300.10.106.1
python3-tools-3.6.15-150300.10.106.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
python3-curses-3.6.15-150300.10.106.1
python3-dbm-3.6.15-150300.10.106.1
python3-devel-3.6.15-150300.10.106.1
python3-idle-3.6.15-150300.10.106.1
python3-tk-3.6.15-150300.10.106.1
python3-tools-3.6.15-150300.10.106.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
python3-curses-3.6.15-150300.10.106.1
python3-dbm-3.6.15-150300.10.106.1
python3-devel-3.6.15-150300.10.106.1
python3-idle-3.6.15-150300.10.106.1
python3-tk-3.6.15-150300.10.106.1
python3-tools-3.6.15-150300.10.106.1
SUSE Linux Enterprise Micro 5.2
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
SUSE Linux Enterprise Micro 5.3
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
SUSE Linux Enterprise Micro 5.4
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
SUSE Linux Enterprise Micro 5.5
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
python3-curses-3.6.15-150300.10.106.1
python3-dbm-3.6.15-150300.10.106.1
python3-devel-3.6.15-150300.10.106.1
python3-idle-3.6.15-150300.10.106.1
python3-tk-3.6.15-150300.10.106.1
SUSE Linux Enterprise Module for Development Tools 15 SP7
python3-tools-3.6.15-150300.10.106.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
python3-curses-3.6.15-150300.10.106.1
python3-dbm-3.6.15-150300.10.106.1
python3-devel-3.6.15-150300.10.106.1
python3-idle-3.6.15-150300.10.106.1
python3-tk-3.6.15-150300.10.106.1
python3-tools-3.6.15-150300.10.106.1
SUSE Linux Enterprise Server 15 SP5-LTSS
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
python3-curses-3.6.15-150300.10.106.1
python3-dbm-3.6.15-150300.10.106.1
python3-devel-3.6.15-150300.10.106.1
python3-idle-3.6.15-150300.10.106.1
python3-tk-3.6.15-150300.10.106.1
python3-tools-3.6.15-150300.10.106.1
SUSE Linux Enterprise Server 15 SP6-LTSS
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
python3-curses-3.6.15-150300.10.106.1
python3-dbm-3.6.15-150300.10.106.1
python3-devel-3.6.15-150300.10.106.1
python3-idle-3.6.15-150300.10.106.1
python3-tk-3.6.15-150300.10.106.1
python3-tools-3.6.15-150300.10.106.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
python3-curses-3.6.15-150300.10.106.1
python3-dbm-3.6.15-150300.10.106.1
python3-devel-3.6.15-150300.10.106.1
python3-idle-3.6.15-150300.10.106.1
python3-tk-3.6.15-150300.10.106.1
python3-tools-3.6.15-150300.10.106.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
python3-curses-3.6.15-150300.10.106.1
python3-dbm-3.6.15-150300.10.106.1
python3-devel-3.6.15-150300.10.106.1
python3-idle-3.6.15-150300.10.106.1
python3-tk-3.6.15-150300.10.106.1
python3-tools-3.6.15-150300.10.106.1
SUSE Linux Enterprise Server for SAP Applications 15 SP6
libpython3_6m1_0-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
python3-curses-3.6.15-150300.10.106.1
python3-dbm-3.6.15-150300.10.106.1
python3-devel-3.6.15-150300.10.106.1
python3-idle-3.6.15-150300.10.106.1
python3-tk-3.6.15-150300.10.106.1
python3-tools-3.6.15-150300.10.106.1
openSUSE Leap 15.6
libpython3_6m1_0-3.6.15-150300.10.106.1
libpython3_6m1_0-32bit-3.6.15-150300.10.106.1
python3-3.6.15-150300.10.106.1
python3-base-3.6.15-150300.10.106.1
python3-curses-3.6.15-150300.10.106.1
python3-dbm-3.6.15-150300.10.106.1
python3-devel-3.6.15-150300.10.106.1
python3-doc-3.6.15-150300.10.106.1
python3-doc-devhelp-3.6.15-150300.10.106.1
python3-idle-3.6.15-150300.10.106.1
python3-testsuite-3.6.15-150300.10.106.1
python3-tk-3.6.15-150300.10.106.1
python3-tools-3.6.15-150300.10.106.1
Ссылки
- Link for SUSE-SU-2026:0664-1
- E-Mail link for SUSE-SU-2026:0664-1
- SUSE Security Ratings
- SUSE Bug 1257029
- SUSE Bug 1257031
- SUSE Bug 1257041
- SUSE Bug 1257042
- SUSE Bug 1257044
- SUSE Bug 1257046
- SUSE CVE CVE-2025-11468 page
- SUSE CVE CVE-2025-15282 page
- SUSE CVE CVE-2025-15366 page
- SUSE CVE CVE-2025-15367 page
- SUSE CVE CVE-2026-0672 page
- SUSE CVE CVE-2026-0865 page
Описание
When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.
Затронутые продукты
Container suse/manager/4.3/proxy-httpd:latest:libpython3_6m1_0-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-httpd:latest:python3-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-httpd:latest:python3-base-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-salt-broker:latest:libpython3_6m1_0-3.6.15-150300.10.106.1
Ссылки
- CVE-2025-11468
- SUSE Bug 1257029
Описание
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.
Затронутые продукты
Container suse/manager/4.3/proxy-httpd:latest:libpython3_6m1_0-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-httpd:latest:python3-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-httpd:latest:python3-base-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-salt-broker:latest:libpython3_6m1_0-3.6.15-150300.10.106.1
Ссылки
- CVE-2025-15282
- SUSE Bug 1257046
Описание
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
Затронутые продукты
Container suse/manager/4.3/proxy-httpd:latest:libpython3_6m1_0-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-httpd:latest:python3-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-httpd:latest:python3-base-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-salt-broker:latest:libpython3_6m1_0-3.6.15-150300.10.106.1
Ссылки
- CVE-2025-15366
- SUSE Bug 1257044
Описание
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
Затронутые продукты
Container suse/manager/4.3/proxy-httpd:latest:libpython3_6m1_0-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-httpd:latest:python3-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-httpd:latest:python3-base-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-salt-broker:latest:libpython3_6m1_0-3.6.15-150300.10.106.1
Ссылки
- CVE-2025-15367
- SUSE Bug 1257041
Описание
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
Затронутые продукты
Container suse/manager/4.3/proxy-httpd:latest:libpython3_6m1_0-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-httpd:latest:python3-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-httpd:latest:python3-base-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-salt-broker:latest:libpython3_6m1_0-3.6.15-150300.10.106.1
Ссылки
- CVE-2026-0672
- SUSE Bug 1257031
Описание
User-controlled header names and values containing newlines can allow injecting HTTP headers.
Затронутые продукты
Container suse/manager/4.3/proxy-httpd:latest:libpython3_6m1_0-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-httpd:latest:python3-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-httpd:latest:python3-base-3.6.15-150300.10.106.1
Container suse/manager/4.3/proxy-salt-broker:latest:libpython3_6m1_0-3.6.15-150300.10.106.1
Ссылки
- CVE-2026-0865
- SUSE Bug 1257042