python3.9-3.9.25-3.el9_7.1
Errata ID: AXSA:2026-295:02
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* cpython: IMAP command injection in user-controlled commands (CVE-2025-15366)
* cpython: POP3 command injection in user-controlled commands (CVE-2025-15367)
* cpython: email header injection due to unquoted newlines (CVE-2026-1299)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-15366
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2025-15367
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2026-0865
User-controlled header names and values containing newlines can allow injecting HTTP headers.
CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn't properly quote newlines in email headers when serializing an email message, allowing header injection. This applies only when "LiteralHeader" is used to write headers that don't respect email folding rules; the new behavior rejects the incorrectly folded headers in "BytesGenerator".
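An application-side check in the spirit of the mitigations described above: reject control characters before a user-controlled string reaches imaplib, poplib or a header. This is an added example, not CPython's patch or vendor code; every function name and sample value in it is hypothetical and constructed for illustration.

```python
import re

# C0 control characters (CR, LF, NUL, ...) plus DEL: none belong in a command argument.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# Header values may contain a tab, but never a bare line break or NUL.
HEADER_BREAKS = re.compile(r"[\r\n\x00]")
# Header field names: printable ASCII except colon and space (RFC 5322 ftext).
HEADER_NAME = re.compile(r"[\x21-\x39\x3b-\x7e]+")


class UnsafeProtocolInput(ValueError):
    """Raised when a value would break the protocol's line framing."""


def check_command_arg(value, what="argument"):
    """Return value unchanged, or raise if it holds a control character."""
    m = CONTROL_CHARS.search(value)
    if m:
        raise UnsafeProtocolInput(
            f"{what} contains control character {m.group()!r} at offset {m.start()}")
    return value


def check_header(name, value):
    """Validate a header name/value pair before it is serialized."""
    if not HEADER_NAME.fullmatch(name):
        raise UnsafeProtocolInput(f"invalid header name {name!r}")
    if HEADER_BREAKS.search(value):
        raise UnsafeProtocolInput(f"value of header {name} contains a line break or NUL")
    return name, value


def audit(values):
    """Classify (label, value) pairs; returns a list of (label, ok, reason)."""
    results = []
    for label, value in values:
        try:
            check_command_arg(value, label)
            results.append((label, True, ""))
        except UnsafeProtocolInput as exc:
            results.append((label, False, str(exc)))
    return results


# Constructed sample inputs, as an application might receive them from a form.
SAMPLES = [("mailbox", "INBOX"), ("mailbox", "INBOX\r\nNOOP"), ("username", "alice\x00")]

if __name__ == "__main__":
    for label, ok, reason in audit(SAMPLES):
        print(f"{label}: {'accepted' if ok else 'rejected: ' + reason}")
```

Call the check at the point where untrusted input enters the mail-handling code, so the same rejection applies whether or not the interpreter underneath has the update installed.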
Update packages.
SRPMS
- python3.9-3.9.25-3.el9_7.1.src.rpm
MD5: a973b84e04bffd9e1141389bad3d654b
SHA-256: 27ca62a7078ecaec9afed58ebab835c118e1dd21dea4c06f6f8c7324fe422e7a
Size: 19.85 MB
Asianux Server 9 for x86_64
- python3-3.9.25-3.el9_7.1.i686.rpm
MD5: 4d3aaadfd3ba8150435a7e3d3e2e44c7
SHA-256: 6e5f57c986364eec1599049c89628bcc3579f5bc2129ee6e3f6ad6e807e2ff72
Size: 25.89 kB
- python3-3.9.25-3.el9_7.1.x86_64.rpm
MD5: c2b155e4f1a09c94cdeed79e9716cf57
SHA-256: 40119672def54bdb2367fc861a928cd76b77550b2ad9b1344605b60898f81001
Size: 25.91 kB
- python3-debug-3.9.25-3.el9_7.1.i686.rpm
MD5: 3cf3f5606a6d5cb1d1470ed5cb4d47f8
SHA-256: 1bca9bd435628d0058c5c3ed052c4674d6784b0fe596db4c95aa87f6508dab4f
Size: 2.88 MB
- python3-debug-3.9.25-3.el9_7.1.x86_64.rpm
MD5: 51c01da0fa2c9b8bc0f482094d874f74
SHA-256: 800b119075d9c920dabbeb15d72b1501491267fb894a07ade3ab641db7e4b27a
Size: 3.04 MB
- python3-devel-3.9.25-3.el9_7.1.i686.rpm
MD5: 33e9a9ff1e9aaf461529390c772e0de5
SHA-256: 972743bb404cdeb931b57abf24a4f0fba8f6ee4b5146b71f7d4a87794427bdcd
Size: 245.58 kB
- python3-devel-3.9.25-3.el9_7.1.x86_64.rpm
MD5: a5e01a42b29171d1150e3ebfb962a915
SHA-256: 9b5778dcbebd5f38bbc04a8fc03987eeb7b6aede0a0c7561f1423c0d91c6ff8f
Size: 245.42 kB
- python3-idle-3.9.25-3.el9_7.1.i686.rpm
MD5: 09b3e8b780013dd9aa8b1aa5764ab8e0
SHA-256: e2b069692cefd131d20636c8501b71810244a3f9bcbdba83d7cb9c580933ddea
Size: 889.05 kB
- python3-idle-3.9.25-3.el9_7.1.x86_64.rpm
MD5: 326103d27cf99a12ad9f74ac9ef887df
SHA-256: 81988bf1fbdff539c8751612be92b70c16023b7b28df36cd6c02c3f496b905af
Size: 889.16 kB
- python3-libs-3.9.25-3.el9_7.1.i686.rpm
MD5: c46d02018afe712f5876c075ce0a405b
SHA-256: 642edf6c28eb4970acda8d27fdd5da88228ba9d6add75b66c08df38805e435b2
Size: 8.09 MB
- python3-libs-3.9.25-3.el9_7.1.x86_64.rpm
MD5: ffa36deffe5d7fa8c00acf932fec4431
SHA-256: 696f633031dfcd90089922770a720d71c356103cbc8d90486acd95256685e024
Size: 8.04 MB
- python3-test-3.9.25-3.el9_7.1.i686.rpm
MD5: ffae505ae9dba62afb5ddf74bfd51802
SHA-256: eae167645b2db636b0997ccb147527087dd1da77f53e0447ce4b48538627304d
Size: 10.21 MB
- python3-test-3.9.25-3.el9_7.1.x86_64.rpm
MD5: e549054e80f29088aef0504c9682a8f8
SHA-256: 169f6bff18a4e30ee4bed9a8e64a606f0e231ce4fbd815ba2503ef319245c97a
Size: 10.20 MB
- python3-tkinter-3.9.25-3.el9_7.1.i686.rpm
MD5: 806ff83acf2a78012d1468c5f5f57b60
SHA-256: c03e56585a080c37623de15dd6f375be57448ac2e2bec527840d888d31dd8538
Size: 343.40 kB
- python3-tkinter-3.9.25-3.el9_7.1.x86_64.rpm
MD5: 167b65a59b4103405ccd799535a02cf8
SHA-256: a43e4cd7a9cf9e17d01c0d637b0d1ee3912564b957d8c3bf07300b3931f37b04
Size: 341.97 kB
- python-unversioned-command-3.9.25-3.el9_7.1.noarch.rpm
MD5: e74533f9802ff995700d732314efb36c
SHA-256: 1098e7adc021b27ee4c268b449eff3ca0c38f6c9068c26ac8a5a37a84b14f5c4
Size: 9.26 kB