{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2026-1299: Fix header injection; quote newlines in email headers and\n reject incorrectly folded LiteralHeader values during serialization with\n BytesGenerator.\n- CVE-2026-0865: Fix header injection via user-controlled header names and\n values containing newlines; sanitize and reject header names and values\n containing newline characters.\n- CVE-2025-15367: Reject control characters in POP3 commands to prevent\n command injection via newlines in user-controlled input", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774438452", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774438452" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2026/clsa-2026_1774438452.json" } ], "tracking": { "current_release_date": "2026-03-25T11:35:10Z", "generator": { "date": "2026-03-25T11:35:10Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1774438452", "initial_release_date": "2026-03-25T11:35:10Z", "revision_history": [ { "date": "2026-03-25T11:35:10Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "python3.11: Fix of 3 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product": { "name": "python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product_id": "python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3.11-tkinter@3.11.2-2.el9_2.2.tuxcare.els19?arch=i686" } } }, { "category": "product_version", "name": "python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product": { "name": "python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product_id": "python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3.11-devel@3.11.2-2.el9_2.2.tuxcare.els19?arch=i686" } } }, { "category": "product_version", "name": "python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product": { "name": "python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product_id": "python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3.11-idle@3.11.2-2.el9_2.2.tuxcare.els19?arch=i686" } } }, { "category": "product_version", "name": "python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product": { "name": "python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product_id": "python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3.11-libs@3.11.2-2.el9_2.2.tuxcare.els19?arch=i686" } } }, { "category": "product_version", "name": "python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product": { "name": "python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product_id": "python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3.11-debug@3.11.2-2.el9_2.2.tuxcare.els19?arch=i686" } } }, { "category": "product_version", "name": "python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product": { "name": "python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product_id": "python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3.11-test@3.11.2-2.el9_2.2.tuxcare.els19?arch=i686" } } }, { "category": "product_version", "name": "python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product": { "name": "python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product_id": "python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3.11@3.11.2-2.el9_2.2.tuxcare.els19?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product": { "name": "python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product_id": "python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3.11-tkinter@3.11.2-2.el9_2.2.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product": { "name": "python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product_id": "python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3.11-devel@3.11.2-2.el9_2.2.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product": { "name": "python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product_id": "python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3.11-idle@3.11.2-2.el9_2.2.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product": { "name": "python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product_id": "python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3.11-libs@3.11.2-2.el9_2.2.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product": { "name": "python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product_id": "python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3.11-debug@3.11.2-2.el9_2.2.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product": { "name": "python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product_id": "python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3.11-test@3.11.2-2.el9_2.2.tuxcare.els19?arch=x86_64" } } }, { "category": "product_version", "name": "python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product": { "name": "python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product_id": "python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3.11@3.11.2-2.el9_2.2.tuxcare.els19?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.i686" }, "product_reference": "python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" }, "product_reference": "python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.i686" }, "product_reference": "python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" }, "product_reference": "python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" }, "product_reference": "python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.i686" }, "product_reference": "python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" }, "product_reference": "python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.i686" }, "product_reference": "python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.i686" }, "product_reference": "python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" }, "product_reference": "python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" }, "product_reference": "python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.i686" }, "product_reference": "python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" }, "product_reference": "python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.i686" }, "product_reference": "python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-15367", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command ('Command Injection')" }, "notes": [ { "category": "description", "text": "The poplib module, when passed a user-controlled command, can have\nadditional commands injected using newlines. Mitigation rejects commands\ncontaining control characters.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-15367" } ], "release_date": "2026-01-20T21:47:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-25T11:34:15.215287Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1774438452", "product_ids": [ "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774438452" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-1299", "cwe": { "id": "CWE-93", "name": "Improper Neutralization of CRLF Sequences ('CRLF Injection')" }, "notes": [ { "category": "description", "text": "The \nemail module, specifically the \"BytesGenerator\" class, didn’t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\nis serialized. This is only applicable if using \"LiteralHeader\" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in \"BytesGenerator\".", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-1299" } ], "release_date": "2026-01-23T16:27:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-25T11:34:15.215287Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1774438452", "product_ids": [ "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774438452" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-0865", "cwe": { "id": "CWE-74", "name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')" }, "notes": [ { "category": "description", "text": "User-controlled header names and values containing newlines can allow injecting HTTP headers.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-0865" } ], "release_date": "2026-01-20T21:26:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-25T11:34:15.215287Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1774438452", "product_ids": [ "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774438452" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-debug-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-devel-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-idle-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-libs-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-test-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.i686", "AlmaLinux-9.2:python3.11-tkinter-0:3.11.2-2.el9_2.2.tuxcare.els19.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }