[CLSA-2026:1772023234] Fix of 5 CVEs

Type:

security

Severity:

Important

Release date:

2026-02-25 12:40:39 UTC

Description:

   * SECURITY UPDATE: Traversing outside chmod directory
     - debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
       -2025-4435-CVE-2025-4517.patch: re-filters directory members
       before chmod/chown
     - CVE-2024-12718
   * SECURITY UPDATE: Symlink exfiltration
     - debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
       -2025-4435-CVE-2025-4517.patch: properly handles different link
       semantics
     - CVE-2025-4138
   * SECURITY UPDATE: Hardlink Fallback Attack
     - debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
       -2025-4435-CVE-2025-4517.patch: re-filter the source if hardlink
       extraction falls back to copying
     - CVE-2025-4330
   * SECURITY UPDATE: Errorlevel=0 Extracts Rejected Members
     - debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
       -2025-4435-CVE-2025-4517.patch: account errorlevel
     - CVE-2025-4435
   * SECURITY UPDATE: PATH_MAX Attack
     - debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
       -2025-4435-CVE-2025-4517.patch: prevents PATH_MAX overflow
       attacks
     - CVE-2025-4517

Updated packages:

alt-python38_3.8.20-8_amd64.deb
sha:f4a29c8d5b8e2e750cc040cb9efb70746221e03a
alt-python38-debug_3.8.20-8_amd64.deb
sha:975a724ef247db21209090834f03c572886d4a2d
alt-python38-devel_3.8.20-8_amd64.deb
sha:2cd0f6fbf9f3c90865e082d4518db333a3532d5d
alt-python38-idle_3.8.20-8_amd64.deb
sha:8ba8cfe8db40f7e0c81f31c11e72d9f0464780bc
alt-python38-libs_3.8.20-8_amd64.deb
sha:3f4fa0e5948dc6d4d4d793c72bf466d2ff7f6b65
alt-python38-test_3.8.20-8_amd64.deb
sha:7925d0d58a5bfc671ad8ee439f97abc5e738efaa
alt-python38-tkinter_3.8.20-8_amd64.deb
sha:f1c158db0d0b20bf2a5135aafe661e616a3aaf5d

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.