Red Hat Product Errata RHSA-2026:5152 - Security Advisory
Issued:
2026-03-19
Updated:
2026-03-19

RHSA-2026:5152 - Security Advisory

Synopsis

Moderate: python3.11 security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python3.11 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • cpython: IMAP command injection in user-controlled commands (CVE-2025-15366)
  • cpython: POP3 command injection in user-controlled commands (CVE-2025-15367)
  • cpython: email header injection due to unquoted newlines (CVE-2026-1299)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2431368 - CVE-2025-15366 cpython: IMAP command injection in user-controlled commands
  • BZ - 2431373 - CVE-2025-15367 cpython: POP3 command injection in user-controlled commands
  • BZ - 2432437 - CVE-2026-1299 cpython: email header injection due to unquoted newlines

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
python3.11-3.11.2-2.el8_8.8.src.rpm SHA-256: 306d46c5185142893d2f316a13b989dbc50adcb36f5a90ed4c3994e83c0c28d5
x86_64
python3.11-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: 355f780c140e0e674938a6963e844385d57c701731ef067e2f17a5f360533eb8
python3.11-debuginfo-3.11.2-2.el8_8.8.i686.rpm SHA-256: c94096e710583b510f2c6ced8cfce407387695c1ebe81751de12296c1ef29172
python3.11-debuginfo-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: 1efb243ed3a294640eafa0bf3b45bb426d35d0a89c42bb4b8f3e99d72f3ce2ec
python3.11-debugsource-3.11.2-2.el8_8.8.i686.rpm SHA-256: 3ae2833fff943ae232a6bd700ac377c5cde0f98cff4875e85d60945ae20cb3e5
python3.11-debugsource-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: e69673e619ab85c50f8b630f349779e289966e5ac2993cc36fec81b6b3997dff
python3.11-devel-3.11.2-2.el8_8.8.i686.rpm SHA-256: c93eb5d099c431998a7a27ad670c9e882807f89775cfb1b736cd11b49cc7994e
python3.11-devel-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: d7b50d63a0a77338ee5fc2fab0ea5938b0dfc1e62a3fb167520b2f76cbfebd2a
python3.11-libs-3.11.2-2.el8_8.8.i686.rpm SHA-256: 39f48bca2934591ba0001b8dfe7cfefb5ccb5276e876bca5f3a27f342aad796b
python3.11-libs-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: fc4d4bf95f0682544dd502dae4bd7d3fe9f57919a8b3cb1524130709dd3fdaab
python3.11-rpm-macros-3.11.2-2.el8_8.8.noarch.rpm SHA-256: c0a28fadb3be87aeb243df8d073b6ac0add8cf4898f467397eeed34852fb144a
python3.11-tkinter-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: ffbf83f6eb25b0a2593513f5efa6517be814f31817d38000617b6e4b422edde9

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
python3.11-3.11.2-2.el8_8.8.src.rpm SHA-256: 306d46c5185142893d2f316a13b989dbc50adcb36f5a90ed4c3994e83c0c28d5
x86_64
python3.11-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: 355f780c140e0e674938a6963e844385d57c701731ef067e2f17a5f360533eb8
python3.11-debuginfo-3.11.2-2.el8_8.8.i686.rpm SHA-256: c94096e710583b510f2c6ced8cfce407387695c1ebe81751de12296c1ef29172
python3.11-debuginfo-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: 1efb243ed3a294640eafa0bf3b45bb426d35d0a89c42bb4b8f3e99d72f3ce2ec
python3.11-debugsource-3.11.2-2.el8_8.8.i686.rpm SHA-256: 3ae2833fff943ae232a6bd700ac377c5cde0f98cff4875e85d60945ae20cb3e5
python3.11-debugsource-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: e69673e619ab85c50f8b630f349779e289966e5ac2993cc36fec81b6b3997dff
python3.11-devel-3.11.2-2.el8_8.8.i686.rpm SHA-256: c93eb5d099c431998a7a27ad670c9e882807f89775cfb1b736cd11b49cc7994e
python3.11-devel-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: d7b50d63a0a77338ee5fc2fab0ea5938b0dfc1e62a3fb167520b2f76cbfebd2a
python3.11-libs-3.11.2-2.el8_8.8.i686.rpm SHA-256: 39f48bca2934591ba0001b8dfe7cfefb5ccb5276e876bca5f3a27f342aad796b
python3.11-libs-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: fc4d4bf95f0682544dd502dae4bd7d3fe9f57919a8b3cb1524130709dd3fdaab
python3.11-rpm-macros-3.11.2-2.el8_8.8.noarch.rpm SHA-256: c0a28fadb3be87aeb243df8d073b6ac0add8cf4898f467397eeed34852fb144a
python3.11-tkinter-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: ffbf83f6eb25b0a2593513f5efa6517be814f31817d38000617b6e4b422edde9

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
python3.11-3.11.2-2.el8_8.8.src.rpm SHA-256: 306d46c5185142893d2f316a13b989dbc50adcb36f5a90ed4c3994e83c0c28d5
ppc64le
python3.11-3.11.2-2.el8_8.8.ppc64le.rpm SHA-256: 055fea53d56e7893318eedd40b7e490909c09447a24d886db81f628202ca9bbb
python3.11-debuginfo-3.11.2-2.el8_8.8.ppc64le.rpm SHA-256: 66c006c68e5273095be9c6e4af8921b559fe10b7a82a95c28b325c93986b6d5b
python3.11-debugsource-3.11.2-2.el8_8.8.ppc64le.rpm SHA-256: 88d56ea5417f60d4561e56e146070c265ee11b845bab0db48c5b6c1f5060a59c
python3.11-devel-3.11.2-2.el8_8.8.ppc64le.rpm SHA-256: 87f10f5b234525dfb0ffa82a5890e88d0b426aff88f3c683ba3353c3120eefa4
python3.11-libs-3.11.2-2.el8_8.8.ppc64le.rpm SHA-256: d4a0bfbfe73c5127f1bb29acf50dd5b9cc4e82ea51374a98e5e809b9c5651f3e
python3.11-rpm-macros-3.11.2-2.el8_8.8.noarch.rpm SHA-256: c0a28fadb3be87aeb243df8d073b6ac0add8cf4898f467397eeed34852fb144a
python3.11-tkinter-3.11.2-2.el8_8.8.ppc64le.rpm SHA-256: 67fa957a599d19b223f4e7b66f0c531f9ec266c7652565c68be888dabc0280eb

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
python3.11-3.11.2-2.el8_8.8.src.rpm SHA-256: 306d46c5185142893d2f316a13b989dbc50adcb36f5a90ed4c3994e83c0c28d5
x86_64
python3.11-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: 355f780c140e0e674938a6963e844385d57c701731ef067e2f17a5f360533eb8
python3.11-debuginfo-3.11.2-2.el8_8.8.i686.rpm SHA-256: c94096e710583b510f2c6ced8cfce407387695c1ebe81751de12296c1ef29172
python3.11-debuginfo-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: 1efb243ed3a294640eafa0bf3b45bb426d35d0a89c42bb4b8f3e99d72f3ce2ec
python3.11-debugsource-3.11.2-2.el8_8.8.i686.rpm SHA-256: 3ae2833fff943ae232a6bd700ac377c5cde0f98cff4875e85d60945ae20cb3e5
python3.11-debugsource-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: e69673e619ab85c50f8b630f349779e289966e5ac2993cc36fec81b6b3997dff
python3.11-devel-3.11.2-2.el8_8.8.i686.rpm SHA-256: c93eb5d099c431998a7a27ad670c9e882807f89775cfb1b736cd11b49cc7994e
python3.11-devel-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: d7b50d63a0a77338ee5fc2fab0ea5938b0dfc1e62a3fb167520b2f76cbfebd2a
python3.11-libs-3.11.2-2.el8_8.8.i686.rpm SHA-256: 39f48bca2934591ba0001b8dfe7cfefb5ccb5276e876bca5f3a27f342aad796b
python3.11-libs-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: fc4d4bf95f0682544dd502dae4bd7d3fe9f57919a8b3cb1524130709dd3fdaab
python3.11-rpm-macros-3.11.2-2.el8_8.8.noarch.rpm SHA-256: c0a28fadb3be87aeb243df8d073b6ac0add8cf4898f467397eeed34852fb144a
python3.11-tkinter-3.11.2-2.el8_8.8.x86_64.rpm SHA-256: ffbf83f6eb25b0a2593513f5efa6517be814f31817d38000617b6e4b422edde9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.