Release date:
2026-02-25 12:36:37 UTC
Description:
* SECURITY UPDATE: Traversing outside chmod directory
- debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
-2025-4435-CVE-2025-4517.patch: re-filters directory members
before chmod/chown
- CVE-2024-12718
* SECURITY UPDATE: Symlink exfiltration
- debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
-2025-4435-CVE-2025-4517.patch: properly handles different link
semantics
- CVE-2025-4138
* SECURITY UPDATE: Hardlink Fallback Attack
- debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
-2025-4435-CVE-2025-4517.patch: re-filter the source if hardlink
extraction falls back to copying
- CVE-2025-4330
* SECURITY UPDATE: Errorlevel=0 Extracts Rejected Members
- debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
-2025-4435-CVE-2025-4517.patch: account errorlevel
- CVE-2025-4435
* SECURITY UPDATE: PATH_MAX Attack
- debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
-2025-4435-CVE-2025-4517.patch: prevents PATH_MAX overflow
attacks
- CVE-2025-4517
Updated packages:
-
alt-python38_3.8.20-8_amd64.deb
sha:6338d00524816d8e4cc97f2ea4618db740b06180
-
alt-python38-debug_3.8.20-8_amd64.deb
sha:5eb5ec2a2df8f48269b09d0b57c8ca5704180379
-
alt-python38-devel_3.8.20-8_amd64.deb
sha:91cd392ff3b457ad0520dd8d34d2a4abac483fbc
-
alt-python38-idle_3.8.20-8_amd64.deb
sha:c6162e04a4aea59935cd7a3d33c1129abecf2217
-
alt-python38-libs_3.8.20-8_amd64.deb
sha:e59da67d90a7e540763f29e218bab255d389410b
-
alt-python38-test_3.8.20-8_amd64.deb
sha:4272d567c300e94ed9ce0a0bbbc70026f114c0b6
-
alt-python38-tkinter_3.8.20-8_amd64.deb
sha:6b0af67c98b91b837842f86d2cc821ab0f5e53ef
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
