[CLSA-2026:1783703693] python: Fix of 3 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-10 18:03:18 UTC
Description:
- CVE-2026-0672: reject control characters in the Cookie module - add the _has_control_character() helper and validate in Morsel.__setitem__, Morsel.setdefault(), Morsel.set() and BaseCookie.output(). Applied as the prerequisite for CVE-2026-3644; Python 2.7.5 shipped neither fix. - CVE-2026-3644: reject control characters in Morsel.update(), the unpickling path (Morsel.__setstate__) and Morsel.js_output(). - CVE-2026-4224: guard conv_content_model() in pyexpat with Py_EnterRecursiveCall()/Py_LeaveRecursiveCall() to avoid a C stack overflow when parsing a deeply nested content model in an inline DTD with a registered ElementDeclHandler. - CVE-2025-13462: skip the old-v7 AREGTYPE -> DIRTYPE normalization in tarfile when reading a follow-up header (GNU long name/link or PAX extended header), so crafted multi-block members are no longer misinterpreted.
Updated packages:
  • python-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
    sha:0be564d8b587ae7b69455598d828e10d0cffcf83c19217154bef3eee03f22aa6
  • python-debug-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
    sha:38c9e3a9871c0bb24bdd57186a9e224873c52c5ca1785f5b0fe74dab567a2ef9
  • python-devel-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
    sha:97382e1e3d35ab1d2f3c2ff9f892e18fc38512d167404eca1368869ab011b540
  • python-libs-2.7.5-94.0.1.el7_9.tuxcare.els11.i686.rpm
    sha:4d66dc59c6f58ae54d55565d61ceb0292160889e6b9f685f4d5dcb9b9cbf1bff
  • python-libs-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
    sha:5d65b56405888f120b285c4138a7b03704ffc64905ed83da8c52bd0c671572f8
  • python-test-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
    sha:39b3739eb646297af6e5fe6d50da8cd917a8f18f6fd3dac43e03078d898b5e1f
  • python-tools-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
    sha:e78a95ba50ffa3ee0e2e222fadbd5ace7a5dddf64b9582c686e612d8e9de26d1
  • tkinter-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
    sha:1d95db49d7c9ddc73022c16083c3bfb0c9556bf2aa6b4374b022fb2bc5ff0229
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.