Release date:
2026-05-02 00:58:50 UTC
Description:
- CVE-2026-4519: reject webbrowser.open() URLs with a leading dash to prevent
CLI option injection into the spawned browser process
- CVE-2026-4786: validate URLs after %action substitution and swap the
substitution order in UnixBrowser.open() to close a bypass of the
CVE-2026-4519 dash-prefix check
Updated packages:
-
python-2.6.6-70.el6.tuxcare.els20.i686.rpm
sha:60f5ab5b03fd83703699a78dde691202c05123eeb51734fac80268168a9da0bc
-
python-2.6.6-70.el6.tuxcare.els20.x86_64.rpm
sha:76f8b6c1bec042b4cee53f04373c9b29155353cbb08010e4981d5906d03a1664
-
python-devel-2.6.6-70.el6.tuxcare.els20.i686.rpm
sha:888c9ea9b285000b6148518e30c411379de0ff1d9e7fc71178d51de1fb84deac
-
python-devel-2.6.6-70.el6.tuxcare.els20.x86_64.rpm
sha:701d0608fecf6e30178360c56c0d734a346af25c02b071a5314d5588745798c9
-
python-libs-2.6.6-70.el6.tuxcare.els20.i686.rpm
sha:5a683a9edb0cd0494914adb9ccb70bc636aaf834d3de939ca57e6aa0a5b30b07
-
python-libs-2.6.6-70.el6.tuxcare.els20.x86_64.rpm
sha:6839adaa231238d2a4ff5afd02a6ec22a9a6203baaa7de6f237715e5e40383f3
-
python-test-2.6.6-70.el6.tuxcare.els20.x86_64.rpm
sha:d1a160ed76f66a1b2e2767b57235108d51d0c252fad0f91cffb42408ec31451b
-
python-tools-2.6.6-70.el6.tuxcare.els20.x86_64.rpm
sha:a94430bd0c3860cf8b1e676c701ff946349c93551b4bbe61fdbb57d6991da4ac
-
tkinter-2.6.6-70.el6.tuxcare.els20.x86_64.rpm
sha:820988113549fc2ecf8e1b55e48b3c62f2967f1325a36793995a672ece28f9af
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
