SUSE-SU-2026:1349-1
- Source
- https://www.suse.com/support/update/announcement/2026/suse-su-20261349-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1349-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:1349-1
- Upstream
- Related
- Published
- 2026-04-15T13:35:56Z
- Modified
- 2026-04-16T08:30:55.821639Z
- Summary
- Security update for python311
- Details
-
This update for python311 fixes the following issues:
- Updated to Python 3.11.15
- CVE-2025-6075: If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables (bsc#1252974).
- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029).
- CVE-2025-12084: cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service (bsc#1254997).
- CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611).
- CVE-2025-13836: When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length (bsc#1254400).
- CVE-2025-13837: When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues (bsc#1254401).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in
BytesGenerator(bsc#1257181). - CVE-2026-2297: cpython: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240).
- CVE-2026-3479: python: improper resource argument validation can allow path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734).
- CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735).
- CVE-2026-4519: leading dashes in URLs are accepted by the
webbrowser.open()API and allow for web browser command line option injection (bsc#1260026).
- References
-
- https://www.suse.com/support/update/announcement/2026/suse-su-20261349-1/
- https://bugzilla.suse.com/1252974
- https://bugzilla.suse.com/1254400
- https://bugzilla.suse.com/1254401
- https://bugzilla.suse.com/1254997
- https://bugzilla.suse.com/1257029
- https://bugzilla.suse.com/1257031
- https://bugzilla.suse.com/1257042
- https://bugzilla.suse.com/1257046
- https://bugzilla.suse.com/1257181
- https://bugzilla.suse.com/1259240
- https://bugzilla.suse.com/1259611
- https://bugzilla.suse.com/1259734
- https://bugzilla.suse.com/1259735
- https://bugzilla.suse.com/1259989
- https://bugzilla.suse.com/1260026
- https://www.suse.com/security/cve/CVE-2025-11468
- https://www.suse.com/security/cve/CVE-2025-12084
- https://www.suse.com/security/cve/CVE-2025-13462
- https://www.suse.com/security/cve/CVE-2025-13836
- https://www.suse.com/security/cve/CVE-2025-13837
- https://www.suse.com/security/cve/CVE-2025-15282
- https://www.suse.com/security/cve/CVE-2025-6075
- https://www.suse.com/security/cve/CVE-2026-0672
- https://www.suse.com/security/cve/CVE-2026-0865
- https://www.suse.com/security/cve/CVE-2026-1299
- https://www.suse.com/security/cve/CVE-2026-2297
- https://www.suse.com/security/cve/CVE-2026-3479
- https://www.suse.com/security/cve/CVE-2026-3644
- https://www.suse.com/security/cve/CVE-2026-4224
- https://www.suse.com/security/cve/CVE-2026-4519
Affected packages
openSUSE:Leap 15.6
python311
Package
- Name
- python311
- Purl
- pkg:rpm/opensuse/python311&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.11.15-150600.3.53.1
Ecosystem specific
{
"binaries": [
{
"libpython3_11-1_0-32bit": "3.11.15-150600.3.53.1",
"python311": "3.11.15-150600.3.53.1",
"python311-tools": "3.11.15-150600.3.53.1",
"python311-base-32bit": "3.11.15-150600.3.53.1",
"libpython3_11-1_0": "3.11.15-150600.3.53.1",
"python311-tk": "3.11.15-150600.3.53.1",
"python311-doc-devhelp": "3.11.15-150600.3.53.1",
"python311-dbm": "3.11.15-150600.3.53.1",
"python311-idle": "3.11.15-150600.3.53.1",
"python311-curses": "3.11.15-150600.3.53.1",
"python311-doc": "3.11.15-150600.3.53.1",
"python311-32bit": "3.11.15-150600.3.53.1",
"python311-devel": "3.11.15-150600.3.53.1",
"python311-base": "3.11.15-150600.3.53.1",
"python311-testsuite": "3.11.15-150600.3.53.1"
}
]
}python311-core
Package
- Name
- python311-core
- Purl
- pkg:rpm/opensuse/python311-core&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.11.15-150600.3.53.1
Ecosystem specific
{
"binaries": [
{
"libpython3_11-1_0-32bit": "3.11.15-150600.3.53.1",
"python311": "3.11.15-150600.3.53.1",
"python311-tools": "3.11.15-150600.3.53.1",
"python311-base-32bit": "3.11.15-150600.3.53.1",
"libpython3_11-1_0": "3.11.15-150600.3.53.1",
"python311-tk": "3.11.15-150600.3.53.1",
"python311-doc-devhelp": "3.11.15-150600.3.53.1",
"python311-dbm": "3.11.15-150600.3.53.1",
"python311-idle": "3.11.15-150600.3.53.1",
"python311-curses": "3.11.15-150600.3.53.1",
"python311-doc": "3.11.15-150600.3.53.1",
"python311-32bit": "3.11.15-150600.3.53.1",
"python311-devel": "3.11.15-150600.3.53.1",
"python311-base": "3.11.15-150600.3.53.1",
"python311-testsuite": "3.11.15-150600.3.53.1"
}
]
}python311-documentation
Package
- Name
- python311-documentation
- Purl
- pkg:rpm/opensuse/python311-documentation&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.11.15-150600.3.53.1
Ecosystem specific
{
"binaries": [
{
"libpython3_11-1_0-32bit": "3.11.15-150600.3.53.1",
"python311": "3.11.15-150600.3.53.1",
"python311-tools": "3.11.15-150600.3.53.1",
"python311-base-32bit": "3.11.15-150600.3.53.1",
"libpython3_11-1_0": "3.11.15-150600.3.53.1",
"python311-tk": "3.11.15-150600.3.53.1",
"python311-doc-devhelp": "3.11.15-150600.3.53.1",
"python311-dbm": "3.11.15-150600.3.53.1",
"python311-idle": "3.11.15-150600.3.53.1",
"python311-curses": "3.11.15-150600.3.53.1",
"python311-doc": "3.11.15-150600.3.53.1",
"python311-32bit": "3.11.15-150600.3.53.1",
"python311-devel": "3.11.15-150600.3.53.1",
"python311-base": "3.11.15-150600.3.53.1",
"python311-testsuite": "3.11.15-150600.3.53.1"
}
]
}SUSE:Linux Enterprise Module for Basesystem 15 SP7
python311-core
Package
- Name
- python311-core
- Purl
- pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.11.15-150600.3.53.1
SUSE:Linux Enterprise Module for Python 3 15 SP7
python311
Package
- Name
- python311
- Purl
- pkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.11.15-150600.3.53.1
Ecosystem specific
{
"binaries": [
{
"python311-tk": "3.11.15-150600.3.53.1",
"python311-idle": "3.11.15-150600.3.53.1",
"python311": "3.11.15-150600.3.53.1",
"python311-curses": "3.11.15-150600.3.53.1",
"python311-tools": "3.11.15-150600.3.53.1",
"python311-dbm": "3.11.15-150600.3.53.1",
"python311-devel": "3.11.15-150600.3.53.1"
}
]
}python311-core
Package
- Name
- python311-core
- Purl
- pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.11.15-150600.3.53.1
Ecosystem specific
{
"binaries": [
{
"python311-tk": "3.11.15-150600.3.53.1",
"python311-idle": "3.11.15-150600.3.53.1",
"python311": "3.11.15-150600.3.53.1",
"python311-curses": "3.11.15-150600.3.53.1",
"python311-tools": "3.11.15-150600.3.53.1",
"python311-dbm": "3.11.15-150600.3.53.1",
"python311-devel": "3.11.15-150600.3.53.1"
}
]
}SUSE:Linux Enterprise Server 15 SP6-LTSS
python311
Package
- Name
- python311
- Purl
- pkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.11.15-150600.3.53.1
Ecosystem specific
{
"binaries": [
{
"python311-idle": "3.11.15-150600.3.53.1",
"python311": "3.11.15-150600.3.53.1",
"python311-curses": "3.11.15-150600.3.53.1",
"python311-tools": "3.11.15-150600.3.53.1",
"python311-devel": "3.11.15-150600.3.53.1",
"libpython3_11-1_0": "3.11.15-150600.3.53.1",
"python311-base": "3.11.15-150600.3.53.1",
"python311-tk": "3.11.15-150600.3.53.1",
"python311-dbm": "3.11.15-150600.3.53.1"
}
]
}python311-core
Package
- Name
- python311-core
- Purl
- pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.11.15-150600.3.53.1
Ecosystem specific
{
"binaries": [
{
"python311-idle": "3.11.15-150600.3.53.1",
"python311": "3.11.15-150600.3.53.1",
"python311-curses": "3.11.15-150600.3.53.1",
"python311-tools": "3.11.15-150600.3.53.1",
"python311-devel": "3.11.15-150600.3.53.1",
"libpython3_11-1_0": "3.11.15-150600.3.53.1",
"python311-base": "3.11.15-150600.3.53.1",
"python311-tk": "3.11.15-150600.3.53.1",
"python311-dbm": "3.11.15-150600.3.53.1"
}
]
}SUSE:Linux Enterprise Server for SAP Applications 15 SP6
python311
Package
- Name
- python311
- Purl
- pkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.11.15-150600.3.53.1
Ecosystem specific
{
"binaries": [
{
"python311-idle": "3.11.15-150600.3.53.1",
"python311": "3.11.15-150600.3.53.1",
"python311-curses": "3.11.15-150600.3.53.1",
"python311-tools": "3.11.15-150600.3.53.1",
"python311-devel": "3.11.15-150600.3.53.1",
"libpython3_11-1_0": "3.11.15-150600.3.53.1",
"python311-base": "3.11.15-150600.3.53.1",
"python311-tk": "3.11.15-150600.3.53.1",
"python311-dbm": "3.11.15-150600.3.53.1"
}
]
}python311-core
Package
- Name
- python311-core
- Purl
- pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.11.15-150600.3.53.1
Ecosystem specific
{
"binaries": [
{
"python311-idle": "3.11.15-150600.3.53.1",
"python311": "3.11.15-150600.3.53.1",
"python311-curses": "3.11.15-150600.3.53.1",
"python311-tools": "3.11.15-150600.3.53.1",
"python311-devel": "3.11.15-150600.3.53.1",
"libpython3_11-1_0": "3.11.15-150600.3.53.1",
"python311-base": "3.11.15-150600.3.53.1",
"python311-tk": "3.11.15-150600.3.53.1",
"python311-dbm": "3.11.15-150600.3.53.1"
}
]
}