python3.11-3.11.13-5.el8_10

エラータID: AXSA:2026-312:06

Release date: 
Monday, March 16, 2026 - 21:00
Subject: 
python3.11-3.11.13-5.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* cpython: wsgiref.headers.Headers allows header newline injection in Python (CVE-2026-0865)
* cpython: IMAP command injection in user-controlled commands (CVE-2025-15366)
* cpython: POP3 command injection in user-controlled commands (CVE-2025-15367)
* cpython: email header injection due to unquoted newlines (CVE-2026-1299)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-15366
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2025-15367
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2026-0865
User-controlled header names and values containing newlines can allow injecting HTTP headers.
CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".

Solution: 

Update packages.

CVEs: 
CVE-2025-15366
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2025-15367
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2026-0865
User-controlled header names and values containing newlines can allow injecting HTTP headers.
CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".
Additional Info: 

N/A

Download: 

SRPMS
  1. python3.11-3.11.13-5.el8_10.src.rpm
    MD5: 301fc1d2158c4ff473ef7fe8e451acc5
    SHA-256: 7dc634984c4b443ad8a9abb605021d82f5454af4cd2a251e6bf57816e0df23f3
    Size: 19.27 MB

Asianux Server 8 for x86_64
  1. python3.11-3.11.13-5.el8_10.i686.rpm
    MD5: 74fb4089d210bf0f8c70ebcba3e82573
    SHA-256: dd9716363052eda03262ca342c2f6219f09ae9d6bd5f5073303b42c90aed4837
    Size: 31.09 kB
  2. python3.11-3.11.13-5.el8_10.x86_64.rpm
    MD5: 48803e7840b6294c6bb52def3943f401
    SHA-256: 5a4e327706fe6328ac11882658acb415fc1b24f83c697ad629d153b4993eb12a
    Size: 31.01 kB
  3. python3.11-debug-3.11.13-5.el8_10.i686.rpm
    MD5: 2d6a6ee4d9cbd56de9c44c3a3b1e0465
    SHA-256: 97e8b0b7e90fef17e1484f4560e7f1b8e6127ec82ed01efe753f127f7ff63282
    Size: 3.20 MB
  4. python3.11-debug-3.11.13-5.el8_10.x86_64.rpm
    MD5: cf29a2637e667c58fc4e163dcba0fd68
    SHA-256: 1739459953c0c6d8167d2621e40fb0f781acb84754be85ba44c7ef7575921f19
    Size: 3.33 MB
  5. python3.11-devel-3.11.13-5.el8_10.i686.rpm
    MD5: a7e00055bc9f989795b222d16a117f7d
    SHA-256: 0fa35472b260b09edb0b495d66d26ff22a0db1a73362b3dcf921750045042284
    Size: 249.12 kB
  6. python3.11-devel-3.11.13-5.el8_10.x86_64.rpm
    MD5: f35e95b10f082e512d68bf500641b25c
    SHA-256: 61aaa7c58dd1c983cfd321b542a4074a1a15166df053024b7b82d6a213cf1855
    Size: 249.08 kB
  7. python3.11-idle-3.11.13-5.el8_10.i686.rpm
    MD5: 858e85c15ffb10d70fa7601fc43717d6
    SHA-256: 1f322ac132b6772be6d33d1c21514bf1e070ddd423bd612ab73933eac035fe7c
    Size: 1.32 MB
  8. python3.11-idle-3.11.13-5.el8_10.x86_64.rpm
    MD5: 55d7ca2832398b1d5cf54fc961cae934
    SHA-256: 76da2d8d3c70b38ccbd9a10129901f095b2b46e8beec35cb5b61eeac826dc196
    Size: 1.32 MB
  9. python3.11-libs-3.11.13-5.el8_10.i686.rpm
    MD5: 8640e2335a23e1fcb0e893bc6212a443
    SHA-256: dbf25224aa1b4c616a6a1199eaf47c866e53cee33c5af86cc7db4526d938b364
    Size: 10.51 MB
  10. python3.11-libs-3.11.13-5.el8_10.x86_64.rpm
    MD5: 5068d58abd338585cea7314ef32101e0
    SHA-256: 23cdae08885a9a8675c2275a7bb98c43df75bf3d12623a4ef08414f31a4e08ae
    Size: 10.41 MB
  11. python3.11-rpm-macros-3.11.13-5.el8_10.noarch.rpm
    MD5: 91085d1187f5bb3aa7f7c2b70b5b3cb6
    SHA-256: bc443da88439dbd3156195a2dc6be98c4abba369ffee129e59b8454664c12ab4
    Size: 15.46 kB
  12. python3.11-test-3.11.13-5.el8_10.i686.rpm
    MD5: 6347aea96537bf6e0e594ab12e40c7e2
    SHA-256: a8102dfb9cc5ff05e0fe997e3a43b8da2d68f8efb638a06af7664745de5bfe7e
    Size: 15.75 MB
  13. python3.11-test-3.11.13-5.el8_10.x86_64.rpm
    MD5: 18b7956417f3046bc9734f2d2fdb5190
    SHA-256: 13680696647a131eab8130485099733aae6e0672899491fc8c250225a2fee6b8
    Size: 15.75 MB
  14. python3.11-tkinter-3.11.13-5.el8_10.i686.rpm
    MD5: 93f2882b6fc0c8208618805068a46545
    SHA-256: 3555a997cb4fc97ca4c1469c298a883ed88a13c38f58337be91ca143e0a7849b
    Size: 411.27 kB
  15. python3.11-tkinter-3.11.13-5.el8_10.x86_64.rpm
    MD5: 1e232f5b31d2e982e454091aef8cb294
    SHA-256: 3f15a577ee7d1f7d4d33bb10431b49332cd1e66b52a90008ad8b7224abd88e82
    Size: 409.78 kB