[CLSA-2025:1762527200] Fix of 5 CVEs
Type: security
Severity: Important
Release date: 2025-11-07 15:30:59 UTC
Description:
* SECURITY UPDATE: Traversing outside chmod directory
  - debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE-2025-4435-CVE-2025-4517.patch: re-filters directory members before chmod/chown
  - CVE-2024-12718
* SECURITY UPDATE: Symlink exfiltration
  - debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE-2025-4435-CVE-2025-4517.patch: properly handles different link semantics
  - CVE-2025-4138
* SECURITY UPDATE: Hardlink Fallback Attack
  - debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE-2025-4435-CVE-2025-4517.patch: re-filter the source if hardlink extraction falls back to copying
  - CVE-2025-4330
* SECURITY UPDATE: Errorlevel=0 Extracts Rejected Members
  - debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE-2025-4435-CVE-2025-4517.patch: account errorlevel
  - CVE-2025-4435
* SECURITY UPDATE: PATH_MAX Attack
  - debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE-2025-4435-CVE-2025-4517.patch: prevents PATH_MAX overflow attacks
  - CVE-2025-4517
* TEST UPDATE: Incorrect encoding leading to an unexpected exception in test_tarfile.py
  - debian/patch/fix_test_tarfile-enconding.patch: fix encoding
Updated packages:
  • alt-python36_3.6.15-19_amd64.deb
    sha:8566fde89e7f37e6c151c0a5dc3000a5a7428a19
  • alt-python36-debug_3.6.15-19_amd64.deb
    sha:b6f67b1e66b33b1a1a313aee8ee803ade515cde9
  • alt-python36-devel_3.6.15-19_amd64.deb
    sha:e601958f14f6c16ad18cc0f4ee01571fddbab876
  • alt-python36-libs_3.6.15-19_amd64.deb
    sha:caba438b7a70465a1ad11be7ac0dffb93e7c4395
  • alt-python36-test_3.6.15-19_amd64.deb
    sha:011799d8578fdeeecc0397392f9a40e64af65b33
  • alt-python36-tkinter_3.6.15-19_amd64.deb
    sha:af0e2df0871b7a1c5464f78e632f98f5a0a179b3
  • alt-python36-tools_3.6.15-19_amd64.deb
    sha:ea5d4b85f3598627fbfb3ba6ab56dd5eadfe1f15
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.