Release date:
2026-05-11 08:49:20 UTC
Description:
- CVE-2026-6100: defensively null bzs->next_in on the error path of
BZ2Decomp_decompress to align with upstream; the UAF window does
not exist in Python 2.7 (next_in is reassigned at function entry,
lzma/gzip are not C extensions)
Updated packages:
-
python2-2.7.18-17.module_el8+2394+f902ce48.tuxcare.els10.x86_64.rpm
sha:6bafa50d7cfdf0c27cf2c1f08eef07d944947cabec3608d8b50c39cd87ea2bb5
-
python2-debug-2.7.18-17.module_el8+2394+f902ce48.tuxcare.els10.x86_64.rpm
sha:9b8691a888f79957d187e4bdd02f6efb422b69d87dc3ae80a8fb7e51312c07b4
-
python2-devel-2.7.18-17.module_el8+2394+f902ce48.tuxcare.els10.x86_64.rpm
sha:434a222940cf19feef53a0192bf06bf97c5f7c9e65a9e92496bf5a82a594e688
-
python2-libs-2.7.18-17.module_el8+2394+f902ce48.tuxcare.els10.x86_64.rpm
sha:898aacd05afdca4c2aa833b5e9bee2a70415385e20f3312e1aefba13d80858ce
-
python2-test-2.7.18-17.module_el8+2394+f902ce48.tuxcare.els10.x86_64.rpm
sha:3449498482095491b016ffd1ae691f43c9eaa32f13764210241b50ccd874c627
-
python2-tkinter-2.7.18-17.module_el8+2394+f902ce48.tuxcare.els10.x86_64.rpm
sha:144cd5deadc0e68044e113739b642ecdc637d2096ed25c041f8f1d73460a4c7b
-
python2-tools-2.7.18-17.module_el8+2394+f902ce48.tuxcare.els10.x86_64.rpm
sha:4aaff211892d362c447b4bee903a91a3a19ea16b673debc6ebc6c6a3a92a2d08
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
