Release date:
2026-02-23 18:20:15 UTC
Description:
* SECURITY UPDATE: Traversing outside chmod directory
- debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
-2025-4435-CVE-2025-4517.patch: re-filters directory members
before chmod/chown
- CVE-2024-12718
* SECURITY UPDATE: Symlink exfiltration
- debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
-2025-4435-CVE-2025-4517.patch: properly handles different link
semantics
- CVE-2025-4138
* SECURITY UPDATE: Hardlink Fallback Attack
- debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
-2025-4435-CVE-2025-4517.patch: re-filter the source if hardlink
extraction falls back to copying
- CVE-2025-4330
* SECURITY UPDATE: Errorlevel=0 Extracts Rejected Members
- debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
-2025-4435-CVE-2025-4517.patch: account errorlevel
- CVE-2025-4435
* SECURITY UPDATE: PATH_MAX Attack
- debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
-2025-4435-CVE-2025-4517.patch: prevents PATH_MAX overflow
attacks
- CVE-2025-4517
Updated packages:
-
alt-python37_3.7.17-11_amd64.deb
sha:c9a18096b6d0de528cc782c7e661ff51c135432d
-
alt-python37-debug_3.7.17-11_amd64.deb
sha:f8d4a17758759aec33a4d4c68f35296d9f08a633
-
alt-python37-devel_3.7.17-11_amd64.deb
sha:f5846b7d8ce58d020bb6dc48cef1ff9fc7ad1b26
-
alt-python37-libs_3.7.17-11_amd64.deb
sha:46f3462f3918f24732eb34dee353900e7aa9a44b
-
alt-python37-test_3.7.17-11_amd64.deb
sha:24c67d6f9ea5dcab0e30da6498fc5109ce64c049
-
alt-python37-tkinter_3.7.17-11_amd64.deb
sha:f6dab0b2b08e08060ee8797e1b19fdd5aea687ae
-
alt-python37-tools_3.7.17-11_amd64.deb
sha:04814745e4ac7da96ebfae36bc2c519e9bb873ca
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
