[CLSA-2026:1782490405] python3: Fix of 3 CVEs
Type:
security
Severity:
Important
Release date:
2026-06-26 16:13:43 UTC
Description:
- CVE-2026-0672: reject control characters in http.cookies Morsel keys, values, and parameters (and in BaseCookie.output) to prevent HTTP header injection via user-controlled cookie data - CVE-2026-3644: follow-up to CVE-2026-0672, rejecting control characters in the http.cookies.Morsel paths the original fix missed (update(), the |= operator, and unpickling) and validating Morsel.js_output() output - CVE-2026-4224: guard conv_content_model() in pyexpat against unbounded C recursion when an ElementDeclHandler parses a deeply nested inline DTD content model, raising RecursionError instead of crashing the interpreter
CVEs fixed:
Updated packages:
  • platform-python-3.6.8-62.el8.tuxcare.els14.i686.rpm
    sha:bcfc5b05fe0a282e85abe184b35a0b93c8053ca27ea06988277e9f5e6d8d5848
  • platform-python-3.6.8-62.el8.tuxcare.els14.x86_64.rpm
    sha:ab44aeaf90a6be6a43d065af4524451ce6c3988988b5e83b1584ce924f700cd9
  • platform-python-debug-3.6.8-62.el8.tuxcare.els14.i686.rpm
    sha:8c89928dbe8ee4c034fff9b5c9b83c7a07c346f8d7120061e11651bd18af59f1
  • platform-python-debug-3.6.8-62.el8.tuxcare.els14.x86_64.rpm
    sha:bf33f57cf4c65a65699529a8e20b841ff4743e78e6dca3a6e163c401fd13f78a
  • platform-python-devel-3.6.8-62.el8.tuxcare.els14.i686.rpm
    sha:9912e3486161cd6473a2bcb15656ec90a0ab6dc53a3e3cfe782b21a6f1ddfeeb
  • platform-python-devel-3.6.8-62.el8.tuxcare.els14.x86_64.rpm
    sha:d8f802b1c24ddb086f87dfdc0fa38ee8503e9e554bcb42bd45d53839365831f9
  • python3-devel-3.6.8-62.el8.tuxcare.els14.x86_64.rpm
    sha:742885f22fa759bab2b760b9d8f762aa6f7d660bee3138914dc02a38b4832b30
  • python3-idle-3.6.8-62.el8.tuxcare.els14.i686.rpm
    sha:9ca483f199dab4a094864d085b658a0913fd498c9818d2de2c92e59988e9ecb4
  • python3-idle-3.6.8-62.el8.tuxcare.els14.x86_64.rpm
    sha:d5eb0486c8ee32d55071221caef9dac2924c96dc5819d41fc4b43ae2262bc45a
  • python3-libs-3.6.8-62.el8.tuxcare.els14.i686.rpm
    sha:c4e96b4d1c99754f06529ab1f7dca8b5198a32a1b4b22d6b9f647eb209f0335c
  • python3-libs-3.6.8-62.el8.tuxcare.els14.x86_64.rpm
    sha:1954a76648e593f3c278076ecfcac8b7fbc4c3857fe08896a118cb4c17033036
  • python3-test-3.6.8-62.el8.tuxcare.els14.i686.rpm
    sha:74dab75c6ffaa5cd712a8afb13b68999c5648ff8a9471b4d56acd6a47ffb2ac7
  • python3-test-3.6.8-62.el8.tuxcare.els14.x86_64.rpm
    sha:8476062ee1fbe1929307cb1dbd96816cf72122aa7902df9c27b26d42641b3e7a
  • python3-tkinter-3.6.8-62.el8.tuxcare.els14.i686.rpm
    sha:500e998a6adc33bb33d4e59ec068891aa8cd1169b39fc58ce2c959667a33fe64
  • python3-tkinter-3.6.8-62.el8.tuxcare.els14.x86_64.rpm
    sha:78cb8f85a2a113efae8cf30801ccaeafc375ba568928083b4502304fcb67c74d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.