Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

CVE-2025-6075 — python: Quadratic complexity in os.path.expandvars() with user-controlled template CVE-2025-8291 — cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked CVE-2025-11468 — cpython: Missing character filtering in Python CVE-2025-12084 — cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service CVE-2025-13836 — cpython: Excessive read buffering DoS in http.client CVE-2025-13837 — cpython: Out-of-memory when loading Plist CVE-2025-15282 — cpython: Header injection via newlines in data URL mediatype in Python CVE-2025-15366 — cpython: IMAP command injection in user-controlled commands CVE-2025-15367 — cpython: POP3 command injection in user-controlled commands CVE-2026-0865 — cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-1299 — cpython: email header injection due to unquoted newlines CVE-2026-1502 — python: Python: HTTP header injection via CR/LF in proxy tunnel headers CVE-2026-2297 — cpython: CPython: Logging Bypass in Legacy .pyc File Handling CVE-2026-3644 — cpython: Incomplete control character validation in http.cookies CVE-2026-4224 — cpython: Stack overflow parsing XML with deeply nested DTD content models CVE-2026-4786 — python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API CVE-2026-5713 — python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process. CVE-2026-6100 — python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules