Release date:
2026-07-11 16:58:40 UTC
Description:
- CVE-2026-0672: reject control characters in the Cookie module - add the
_has_control_character() helper and validate in Morsel.__setitem__,
Morsel.setdefault(), Morsel.set() and BaseCookie.output(). Applied as the
prerequisite for CVE-2026-3644; Python 2.7.5 shipped neither fix.
- CVE-2026-3644: reject control characters in Morsel.update(), the unpickling
path (Morsel.__setstate__) and Morsel.js_output().
- CVE-2026-4224: guard conv_content_model() in pyexpat with
Py_EnterRecursiveCall()/Py_LeaveRecursiveCall() to avoid a C stack overflow
when parsing a deeply nested content model in an inline DTD with a registered
ElementDeclHandler.
- CVE-2025-13462: skip the old-v7 AREGTYPE -> DIRTYPE normalization in tarfile
when reading a follow-up header (GNU long name/link or PAX extended header),
so crafted multi-block members are no longer misinterpreted.
Updated packages:
-
python-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
sha:07808839ed2ba3e0745f0eb15bc0166846a3ec5b7fa1e0753169d6c26a8e506e
-
python-debug-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
sha:fbc0e2b62151506de4a179002138058a3723f0912e7e3d8bf8ab98f34986b3b7
-
python-devel-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
sha:f0c525f0072fc3c83bb2786ba30e6ed613a6d59ff99360dc52176e84c25fc5df
-
python-libs-2.7.5-94.0.1.el7_9.tuxcare.els11.i686.rpm
sha:ec26cc73d80a26c505a1064f83c6d5620c80e6cd9ed22d8a6cb770a976595fc3
-
python-libs-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
sha:835b3a126aaff0adca948df34bf4035b0ac43fb640b39db3e450a5258a9c6992
-
python-test-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
sha:7911c86320d0fab08d84d0c90b57765913ed89843390953477274b2b67e85143
-
python-tools-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
sha:9eaf4aa4875628100d2aacd7004f34f211977a259d5c508cfd9f4e4e1dc0f457
-
tkinter-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
sha:f42b2253b259349dbc6ef6df2cab81c75c892046a504ccb6c13b2ce4a3e1f65f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.