python3.12-3.12.12-4.el9_7.1

エラータID: AXSA:2026-294:08

Release date: 
Thursday, March 12, 2026 - 18:11
Subject: 
python3.12-3.12.12-4.el9_7.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* cpython: IMAP command injection in user-controlled commands (CVE-2025-15366)
* cpython: POP3 command injection in user-controlled commands (CVE-2025-15367)
* cpython: email header injection due to unquoted newlines (CVE-2026-1299)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-15366
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2025-15367
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".

Solution: 

Update packages.

CVEs: 
CVE-2025-15366
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2025-15367
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".
Additional Info: 

N/A

Download: 

SRPMS
  1. python3.12-3.12.12-4.el9_7.1.src.rpm
    MD5: 13353e77cafd472d90290d921c7d7098
    SHA-256: b9fff1ad0b639490e3f0422c2c2bf5068664253dc0c64ffc60b3d438daaeb3a7
    Size: 19.91 MB

Asianux Server 9 for x86_64
  1. python3.12-3.12.12-4.el9_7.1.i686.rpm
    MD5: 48d3c4cdfabb0233a89605996aaa5a38
    SHA-256: 4a9f33ecfa4f13794a6f07d5265bd4a1f27fd17ea5a4295535acf168f3f1d2fe
    Size: 25.57 kB
  2. python3.12-3.12.12-4.el9_7.1.x86_64.rpm
    MD5: 8d7a676c0505d131da7d350d94d227ad
    SHA-256: 374648a9cecb3d93e55c6bc116055fbf8acbb356402324ee48bb84fd64bb3198
    Size: 25.56 kB
  3. python3.12-debug-3.12.12-4.el9_7.1.i686.rpm
    MD5: c908c176099448f1d801c8e4cfadd054
    SHA-256: 3f76a0ee298a811f29af885d11d68a7da685a98636cd52d3219031aafb87f08e
    Size: 3.54 MB
  4. python3.12-debug-3.12.12-4.el9_7.1.x86_64.rpm
    MD5: 9562b0ce2b6975473553b359c3560519
    SHA-256: 1e33328eacb18e402baf8628366d3dd35d8b58a6351fd596d84f325f2ade4c19
    Size: 3.71 MB
  5. python3.12-devel-3.12.12-4.el9_7.1.i686.rpm
    MD5: 8a51a6e96767a31fddf68d6a990d907d
    SHA-256: 22fad4ef8508e531c54e14d5f3b0c529c981f794db47dd1aa5d040aec3842c81
    Size: 327.17 kB
  6. python3.12-devel-3.12.12-4.el9_7.1.x86_64.rpm
    MD5: b9a6c83627257b350d569608caf7c4a0
    SHA-256: 173ce7e8279e46e5091efd64964a99902c5a91a9ff96df0dfb82166a795f7bb8
    Size: 327.16 kB
  7. python3.12-idle-3.12.12-4.el9_7.1.i686.rpm
    MD5: dfd4ebf4304cdec6f1864c6328312205
    SHA-256: 596d9db4fc508a437c0546bf6d87910d92ba41c90178f855d413cb126cc8b6f2
    Size: 1.07 MB
  8. python3.12-idle-3.12.12-4.el9_7.1.x86_64.rpm
    MD5: 7a0958042ca7a20f4ddbc676289d2652
    SHA-256: af27e9a1abcff32370f6fdbdf2a4107bb18ae13ebd18f29b7d6d2993a128fca1
    Size: 1.07 MB
  9. python3.12-libs-3.12.12-4.el9_7.1.i686.rpm
    MD5: b8c07c803a3712ea5c1d1a8519c1e2d2
    SHA-256: 865c739b8ca878c94303fe9a92c2439180a66182bf01393b74c9c70290b18495
    Size: 9.72 MB
  10. python3.12-libs-3.12.12-4.el9_7.1.x86_64.rpm
    MD5: d5ce94dc92650ecd6d38dd7bc6b223b7
    SHA-256: 70192a6ece76a668c2cf31277bf9e1322456877268601632fe2d5df5d69315cb
    Size: 9.69 MB
  11. python3.12-test-3.12.12-4.el9_7.1.i686.rpm
    MD5: 3dfb4d1970124b4dd73683dfe376c1c0
    SHA-256: ced5eee23dc6199ee8ef127cfdb6c33dd67375cdf0f079a21f079ecb633709c0
    Size: 15.74 MB
  12. python3.12-test-3.12.12-4.el9_7.1.x86_64.rpm
    MD5: 11b895219b34234451d2991e71f88ff7
    SHA-256: 12c46e1132d0b350e25bfbcac2548010a6f99813131caa0937b7d1056ef9a6c5
    Size: 15.73 MB
  13. python3.12-tkinter-3.12.12-4.el9_7.1.i686.rpm
    MD5: f9b0c960da46d5e93da5caa6d4cd4f7f
    SHA-256: 3bb608776bbb0475c0bc5813f29580ba3965dac0c4c888fdabbc6e2c6a42eab2
    Size: 421.17 kB
  14. python3.12-tkinter-3.12.12-4.el9_7.1.x86_64.rpm
    MD5: 94baccbe1d0c48af333bd87e05a158f3
    SHA-256: b9e0911d4234585b3cde685e2dd4d6226b13effa8d2263b7e64efb1826324f20
    Size: 420.16 kB