[CLSA-2026:1782979631] python2: Fix of CVE-2026-4224
Type:
security
Severity:
Important
Release date:
2026-07-02 08:07:26 UTC
Description:
- CVE-2026-4224: guard conv_content_model in pyexpat.c with Py_EnterRecursiveCall/Py_LeaveRecursiveCall so a deeply nested XML content model parsed via a registered ElementDeclHandler raises RecursionError instead of overflowing the C stack
CVEs fixed:
Updated packages:
  • python2-2.7.18-17.module_el8+2437+fe5a529b.tuxcare.els13.x86_64.rpm
    sha:73c9cb69ea9aa24c3b54ff5ae580e5694fa9cb9ff067b7f473beeb7f99113b41
  • python2-debug-2.7.18-17.module_el8+2437+fe5a529b.tuxcare.els13.x86_64.rpm
    sha:718a47052c0f63eb52deddfab8253785bbaf82108ff27356633e71cedd1c4fcc
  • python2-devel-2.7.18-17.module_el8+2437+fe5a529b.tuxcare.els13.x86_64.rpm
    sha:f7a063ae04056bb145582bcbf484df8aeddd55bd88af7c3180d4ceb283fb1749
  • python2-libs-2.7.18-17.module_el8+2437+fe5a529b.tuxcare.els13.x86_64.rpm
    sha:5262ad9ddd4d32756335f5d925a5f631689d9e2c670e03cebc5fc6dd15d1505c
  • python2-test-2.7.18-17.module_el8+2437+fe5a529b.tuxcare.els13.x86_64.rpm
    sha:80017df0828f49480286c6d16c446fd3baacd13dda8ee8603c3fbdaa52ad7c60
  • python2-tkinter-2.7.18-17.module_el8+2437+fe5a529b.tuxcare.els13.x86_64.rpm
    sha:ff551af6c6801d5b950fc387b61303c0e6eaafc27ebb88c6a8058c96a390441b
  • python2-tools-2.7.18-17.module_el8+2437+fe5a529b.tuxcare.els13.x86_64.rpm
    sha:67e0c7eca4a471e2c441dbab0ce2994198a142ffda7e4e6770ba2752a657fe6d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.