Red Hat Security Advisory: python3.12 security update

CVE-2025-6075 — python: Quadratic complexity in os.path.expandvars() with user-controlled template CVE-2025-13837 — cpython: Out-of-memory when loading Plist CVE-2025-15282 — cpython: Header injection via newlines in data URL mediatype in Python CVE-2025-59375 — firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2026-0672 — cpython: Header injection in http.cookies.Morsel in Python CVE-2026-1502 — python: Python: HTTP header injection via CR/LF in proxy tunnel headers CVE-2026-2297 — cpython: CPython: Logging Bypass in Legacy .pyc File Handling CVE-2026-3644 — cpython: Incomplete control character validation in http.cookies CVE-2026-4224 — cpython: Stack overflow parsing XML with deeply nested DTD content models CVE-2026-4786 — python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API CVE-2026-6100 — python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules