Security update for python311 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:20374-1 Final 1 1 2026-02-16T09:45:48Z current 2026-02-16T09:45:48Z 2026-02-16T09:45:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python311 This update for python311 fixes the following issues: - CVE-2025-12084: prevent quadratic behavior in node ID cache clearing (bsc#1254997). - CVE-2025-13836: prevent reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length (bsc#1254400). - CVE-2025-13837: protect against OOM when loading malicious content (bsc#1254401). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.1-393 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-202620374-1/ Link for SUSE-SU-2026:20374-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024317.html E-Mail link for SUSE-SU-2026:20374-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1254400 SUSE Bug 1254400 https://bugzilla.suse.com/1254401 SUSE Bug 1254401 https://bugzilla.suse.com/1254997 SUSE Bug 1254997 https://www.suse.com/security/cve/CVE-2025-12084/ SUSE CVE CVE-2025-12084 page https://www.suse.com/security/cve/CVE-2025-13836/ SUSE CVE CVE-2025-13836 page https://www.suse.com/security/cve/CVE-2025-13837/ SUSE CVE CVE-2025-13837 page SUSE Linux Micro 6.1 libpython3_11-1_0-3.11.14-slfo.1.1_2.1 python311-3.11.14-slfo.1.1_2.1 python311-base-3.11.14-slfo.1.1_2.1 python311-curses-3.11.14-slfo.1.1_2.1 libpython3_11-1_0-3.11.14-slfo.1.1_2.1 as a component of SUSE Linux Micro 6.1 python311-3.11.14-slfo.1.1_2.1 as a component of SUSE Linux Micro 6.1 python311-base-3.11.14-slfo.1.1_2.1 as a component of SUSE Linux Micro 6.1 python311-curses-3.11.14-slfo.1.1_2.1 as a component of SUSE Linux Micro 6.1 When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents. CVE-2025-12084 SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.14-slfo.1.1_2.1 SUSE Linux Micro 6.1:python311-3.11.14-slfo.1.1_2.1 SUSE Linux Micro 6.1:python311-base-3.11.14-slfo.1.1_2.1 SUSE Linux Micro 6.1:python311-curses-3.11.14-slfo.1.1_2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620374-1/ https://www.suse.com/security/cve/CVE-2025-12084.html CVE-2025-12084 https://bugzilla.suse.com/1254997 SUSE Bug 1254997 When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS. CVE-2025-13836 SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.14-slfo.1.1_2.1 SUSE Linux Micro 6.1:python311-3.11.14-slfo.1.1_2.1 SUSE Linux Micro 6.1:python311-base-3.11.14-slfo.1.1_2.1 SUSE Linux Micro 6.1:python311-curses-3.11.14-slfo.1.1_2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620374-1/ https://www.suse.com/security/cve/CVE-2025-13836.html CVE-2025-13836 https://bugzilla.suse.com/1254400 SUSE Bug 1254400 When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues CVE-2025-13837 SUSE Linux Micro 6.1:libpython3_11-1_0-3.11.14-slfo.1.1_2.1 SUSE Linux Micro 6.1:python311-3.11.14-slfo.1.1_2.1 SUSE Linux Micro 6.1:python311-base-3.11.14-slfo.1.1_2.1 SUSE Linux Micro 6.1:python311-curses-3.11.14-slfo.1.1_2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620374-1/ https://www.suse.com/security/cve/CVE-2025-13837.html CVE-2025-13837 https://bugzilla.suse.com/1254401 SUSE Bug 1254401