python3.12-3.12.12-3.el8_10

エラータID: AXSA:2026-308:09

Release date: 
Monday, March 16, 2026 - 15:17
Subject: 
python3.12-3.12.12-3.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* cpython: wsgiref.headers.Headers allows header newline injection in Python (CVE-2026-0865)
* cpython: IMAP command injection in user-controlled commands (CVE-2025-15366)
* cpython: POP3 command injection in user-controlled commands (CVE-2025-15367)
* cpython: email header injection due to unquoted newlines (CVE-2026-1299)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-15366
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2025-15367
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2026-0865
User-controlled header names and values containing newlines can allow injecting HTTP headers.
CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".

Solution: 

Update packages.

CVEs: 
CVE-2025-15366
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2025-15367
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2026-0865
User-controlled header names and values containing newlines can allow injecting HTTP headers.
CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".
Additional Info: 

N/A

Download: 

SRPMS
  1. python3.12-3.12.12-3.el8_10.src.rpm
    MD5: e8f7c1cab22cab8e700b64c53ee18aa9
    SHA-256: b323345407deba4e3deb9f8a0db877c4d151e26e467253784dd67893e4a64df5
    Size: 19.91 MB

Asianux Server 8 for x86_64
  1. python3.12-3.12.12-3.el8_10.i686.rpm
    MD5: 9e55726ccea6e94cb11db5567ee4a833
    SHA-256: 9104eb38de3800620b0a071d3e4bc1dd41625b6b7b76d782d412fa57c5191c63
    Size: 30.62 kB
  2. python3.12-3.12.12-3.el8_10.x86_64.rpm
    MD5: 98edae403734a94baef50e69cd153114
    SHA-256: e6f3139ef3c0ed5c996b591d903aacfeaacaecacb1a43baa31a38520291dacdf
    Size: 30.54 kB
  3. python3.12-debug-3.12.12-3.el8_10.i686.rpm
    MD5: 189ee6b9433290a583c33ea9eed6729d
    SHA-256: 5ba71a95a8b477ae9867e7fd657801cb4697135261e96e62293ae472adfd8fc3
    Size: 3.50 MB
  4. python3.12-debug-3.12.12-3.el8_10.x86_64.rpm
    MD5: c723202475c0190bf86f2a703b563db6
    SHA-256: e2e45ca838dc340ac03f716409ff95af22222b2624ad30aa74bff0325516b7cd
    Size: 3.69 MB
  5. python3.12-devel-3.12.12-3.el8_10.i686.rpm
    MD5: e6a2b0af5b7866d6d8840424c9ffb9f6
    SHA-256: 5b960041d552c843c5250595a21bfdb82aa45ee941e40cb8c540cd8516e7be98
    Size: 291.64 kB
  6. python3.12-devel-3.12.12-3.el8_10.x86_64.rpm
    MD5: 93741736044bb27debb33387af9fbf2e
    SHA-256: cb8b36652303727080584b70d7507556c16c973d961363f9fa5e6d19c72f5a48
    Size: 291.54 kB
  7. python3.12-idle-3.12.12-3.el8_10.i686.rpm
    MD5: 90e26b98a7a8d0116df2e07c83f4a79a
    SHA-256: ede18afb8d9ef6f98b928f6700bc1e48acd731011e0a7376b4663288f01ea21d
    Size: 1.29 MB
  8. python3.12-idle-3.12.12-3.el8_10.x86_64.rpm
    MD5: 665e9eb97bc8865c6121da95de87168b
    SHA-256: 80b6004baa2bd19d7f0e7dda0fc36059ce91908e1fdc80b5037fd167752a1127
    Size: 1.29 MB
  9. python3.12-libs-3.12.12-3.el8_10.i686.rpm
    MD5: 454c3e3b4c90658e38c5d556124d7c29
    SHA-256: ed63f52e9776e50c295f8e135058a19193d8ac32e7900a8ed8771e1ad715a962
    Size: 10.11 MB
  10. python3.12-libs-3.12.12-3.el8_10.x86_64.rpm
    MD5: 885da2cace86839762332ebbeb7145b9
    SHA-256: 9ee2dd22f5fbdabd6415895df820fc1b298173ec0366e234740d75410a2d5b04
    Size: 10.02 MB
  11. python3.12-rpm-macros-3.12.12-3.el8_10.noarch.rpm
    MD5: b736f747690e24cfad5d7b986931e9e2
    SHA-256: b2b40556c215eae81e638aa4a4a366e592c308c420b5df02eadbb55b5f5d4b9f
    Size: 16.96 kB
  12. python3.12-test-3.12.12-3.el8_10.i686.rpm
    MD5: e555885a97aa315ce47ce4ae6a142e31
    SHA-256: 7ec221ba9a57f27e0feed8f59e455e046612135985934860bdf10b88023a705d
    Size: 15.99 MB
  13. python3.12-test-3.12.12-3.el8_10.x86_64.rpm
    MD5: 7cacef5720420f12ddb7a2ef84afdd41
    SHA-256: 99496d7130d2bd6c93aa45e74bf2e470363a3e9d62cdba9a2e412c63b790c3f2
    Size: 15.99 MB
  14. python3.12-tkinter-3.12.12-3.el8_10.i686.rpm
    MD5: bd3ca7ab40ea79cf4c8a5c695db61d0d
    SHA-256: f216b7f01afeec5e171fc9bc87c2e287131de67a2c2f2fc87f4b998e75e1d832
    Size: 403.37 kB
  15. python3.12-tkinter-3.12.12-3.el8_10.x86_64.rpm
    MD5: bd2b2d84fc5fb4b94061173626bbadb2
    SHA-256: 6035a51151af1845a283dc35bbfff1f5494e6bb006566bd375c5c940843e8d3c
    Size: 402.00 kB