python310-3.10.19-4.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:10200-1 Final 1 1 2026-02-13T00:00:00Z current 2026-02-13T00:00:00Z 2026-02-13T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python310-3.10.19-4.1 on GA media These are all security issues fixed in the python310-3.10.19-4.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2026-10200 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-11468/ SUSE CVE CVE-2025-11468 page https://www.suse.com/security/cve/CVE-2025-15282/ SUSE CVE CVE-2025-15282 page https://www.suse.com/security/cve/CVE-2025-15366/ SUSE CVE CVE-2025-15366 page https://www.suse.com/security/cve/CVE-2025-15367/ SUSE CVE CVE-2025-15367 page https://www.suse.com/security/cve/CVE-2026-0672/ SUSE CVE CVE-2026-0672 page https://www.suse.com/security/cve/CVE-2026-0865/ SUSE CVE CVE-2026-0865 page openSUSE Tumbleweed python310-3.10.19-4.1 python310-32bit-3.10.19-4.1 python310-curses-3.10.19-4.1 python310-dbm-3.10.19-4.1 python310-idle-3.10.19-4.1 python310-tk-3.10.19-4.1 python310-3.10.19-4.1 as a component of openSUSE Tumbleweed python310-32bit-3.10.19-4.1 as a component of openSUSE Tumbleweed python310-curses-3.10.19-4.1 as a component of openSUSE Tumbleweed python310-dbm-3.10.19-4.1 as a component of openSUSE Tumbleweed python310-idle-3.10.19-4.1 as a component of openSUSE Tumbleweed python310-tk-3.10.19-4.1 as a component of openSUSE Tumbleweed When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 openSUSE Tumbleweed:python310-3.10.19-4.1 openSUSE Tumbleweed:python310-32bit-3.10.19-4.1 openSUSE Tumbleweed:python310-curses-3.10.19-4.1 openSUSE Tumbleweed:python310-dbm-3.10.19-4.1 openSUSE Tumbleweed:python310-idle-3.10.19-4.1 openSUSE Tumbleweed:python310-tk-3.10.19-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-11468.html CVE-2025-11468 https://bugzilla.suse.com/1257029 SUSE Bug 1257029 User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype. CVE-2025-15282 openSUSE Tumbleweed:python310-3.10.19-4.1 openSUSE Tumbleweed:python310-32bit-3.10.19-4.1 openSUSE Tumbleweed:python310-curses-3.10.19-4.1 openSUSE Tumbleweed:python310-dbm-3.10.19-4.1 openSUSE Tumbleweed:python310-idle-3.10.19-4.1 openSUSE Tumbleweed:python310-tk-3.10.19-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-15282.html CVE-2025-15282 https://bugzilla.suse.com/1257046 SUSE Bug 1257046 The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters. CVE-2025-15366 openSUSE Tumbleweed:python310-3.10.19-4.1 openSUSE Tumbleweed:python310-32bit-3.10.19-4.1 openSUSE Tumbleweed:python310-curses-3.10.19-4.1 openSUSE Tumbleweed:python310-dbm-3.10.19-4.1 openSUSE Tumbleweed:python310-idle-3.10.19-4.1 openSUSE Tumbleweed:python310-tk-3.10.19-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-15366.html CVE-2025-15366 https://bugzilla.suse.com/1257044 SUSE Bug 1257044 The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters. CVE-2025-15367 openSUSE Tumbleweed:python310-3.10.19-4.1 openSUSE Tumbleweed:python310-32bit-3.10.19-4.1 openSUSE Tumbleweed:python310-curses-3.10.19-4.1 openSUSE Tumbleweed:python310-dbm-3.10.19-4.1 openSUSE Tumbleweed:python310-idle-3.10.19-4.1 openSUSE Tumbleweed:python310-tk-3.10.19-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-15367.html CVE-2025-15367 https://bugzilla.suse.com/1257041 SUSE Bug 1257041 When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters. CVE-2026-0672 openSUSE Tumbleweed:python310-3.10.19-4.1 openSUSE Tumbleweed:python310-32bit-3.10.19-4.1 openSUSE Tumbleweed:python310-curses-3.10.19-4.1 openSUSE Tumbleweed:python310-dbm-3.10.19-4.1 openSUSE Tumbleweed:python310-idle-3.10.19-4.1 openSUSE Tumbleweed:python310-tk-3.10.19-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-0672.html CVE-2026-0672 https://bugzilla.suse.com/1257031 SUSE Bug 1257031 User-controlled header names and values containing newlines can allow injecting HTTP headers. CVE-2026-0865 openSUSE Tumbleweed:python310-3.10.19-4.1 openSUSE Tumbleweed:python310-32bit-3.10.19-4.1 openSUSE Tumbleweed:python310-curses-3.10.19-4.1 openSUSE Tumbleweed:python310-dbm-3.10.19-4.1 openSUSE Tumbleweed:python310-idle-3.10.19-4.1 openSUSE Tumbleweed:python310-tk-3.10.19-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-0865.html CVE-2026-0865 https://bugzilla.suse.com/1257042 SUSE Bug 1257042