Release date:
2026-07-10 18:03:18 UTC
Description:
- CVE-2026-0672: reject control characters in the Cookie module - add the
_has_control_character() helper and validate in Morsel.__setitem__,
Morsel.setdefault(), Morsel.set() and BaseCookie.output(). Applied as the
prerequisite for CVE-2026-3644; Python 2.7.5 shipped neither fix.
- CVE-2026-3644: reject control characters in Morsel.update(), the unpickling
path (Morsel.__setstate__) and Morsel.js_output().
- CVE-2026-4224: guard conv_content_model() in pyexpat with
Py_EnterRecursiveCall()/Py_LeaveRecursiveCall() to avoid a C stack overflow
when parsing a deeply nested content model in an inline DTD with a registered
ElementDeclHandler.
- CVE-2025-13462: skip the old-v7 AREGTYPE -> DIRTYPE normalization in tarfile
when reading a follow-up header (GNU long name/link or PAX extended header),
so crafted multi-block members are no longer misinterpreted.
Updated packages:
-
python-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
sha:0be564d8b587ae7b69455598d828e10d0cffcf83c19217154bef3eee03f22aa6
-
python-debug-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
sha:38c9e3a9871c0bb24bdd57186a9e224873c52c5ca1785f5b0fe74dab567a2ef9
-
python-devel-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
sha:97382e1e3d35ab1d2f3c2ff9f892e18fc38512d167404eca1368869ab011b540
-
python-libs-2.7.5-94.0.1.el7_9.tuxcare.els11.i686.rpm
sha:4d66dc59c6f58ae54d55565d61ceb0292160889e6b9f685f4d5dcb9b9cbf1bff
-
python-libs-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
sha:5d65b56405888f120b285c4138a7b03704ffc64905ed83da8c52bd0c671572f8
-
python-test-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
sha:39b3739eb646297af6e5fe6d50da8cd917a8f18f6fd3dac43e03078d898b5e1f
-
python-tools-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
sha:e78a95ba50ffa3ee0e2e222fadbd5ace7a5dddf64b9582c686e612d8e9de26d1
-
tkinter-2.7.5-94.0.1.el7_9.tuxcare.els11.x86_64.rpm
sha:1d95db49d7c9ddc73022c16083c3bfb0c9556bf2aa6b4374b022fb2bc5ff0229
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.