Release date:
2026-05-05 00:28:34 UTC
Description:
- CVE-2025-8194: validate that tarfile member offsets are non-negative to prevent infinite loop / DoS during parsing of malicious tar archives
- CVE-2026-4519: reject URLs with leading dashes in webbrowser.open() to prevent injection of command-line options into spawned browser process
- CVE-2026-4786: fix bypass of CVE-2026-4519 check via %action substitution in UnixBrowser.open() that allowed dash-prefixed URLs through
Updated packages:
- python2-2.7.18-17.module_el8+2390+a1827c35.tuxcare.els9.x86_64.rpm
  sha:b31f0b7982283da37efc89d84a518e0674c4253ab6150cc2050c636630b8c6ae
- python2-debug-2.7.18-17.module_el8+2390+a1827c35.tuxcare.els9.x86_64.rpm
  sha:03efebc64a4c31fa7fc087a67f7d373d8a0285961eeaf3e724bc2301b7ddc2fb
- python2-devel-2.7.18-17.module_el8+2390+a1827c35.tuxcare.els9.x86_64.rpm
  sha:46c388c5316a915ff4f86234cf1a642a35d2b0009e7495b01f935ac96d063d39
- python2-libs-2.7.18-17.module_el8+2390+a1827c35.tuxcare.els9.x86_64.rpm
  sha:46a315b434eff111ff121b1f798b80254d1146fdafc0840d8316fe766a32514b
- python2-test-2.7.18-17.module_el8+2390+a1827c35.tuxcare.els9.x86_64.rpm
  sha:1d5493065c5a10ab57dd53c659c49ed20f390a08f5e6917ddcf1df32ab51d774
- python2-tkinter-2.7.18-17.module_el8+2390+a1827c35.tuxcare.els9.x86_64.rpm
  sha:1535d1b515e2e2ecdd61bb6b26dfd905fb8b58edc6beb488a3ea8964e5a157c6
- python2-tools-2.7.18-17.module_el8+2390+a1827c35.tuxcare.els9.x86_64.rpm
  sha:42e0ac313a01c5dff3256be437ed871d878baaf89be8ba57c8c32f9d6f6a6c97
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections, please contact the CloudLinux Packaging Team.