[CLSA-2026:1781528783] python3: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2026-06-15 20:44:57 UTC
Description:
- CVE-2026-0672: reject control characters in http.cookies.Morsel fields and values - CVE-2026-3644: complete CVE-2026-0672 fix: reject control chars in Morsel.update(), |=, unpickling and js_output() - CVE-2026-4224: avoid unbound C recursion in pyexpat conv_content_model to prevent C stack overflow - CVE-2025-13462: skip TarInfo AREGTYPE->DIRTYPE normalization on GNU longname/longlink follow-up headers in tarfile
CVEs fixed:
Updated packages:
  • python3-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:5e9e88413b6cabbd0ce6364420d111ec2d79eebc49595e4699687bdb518d604a
  • python3-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:babe47cd77c39f740992c1d764274402dcc41a1baa4d948308f765410643190b
  • python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:db3e2e82e9ea3de7375e0225201c5cba737c72b4c570068add1f31481ddd401c
  • python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:82d5e01c31c050d3338f15f8c450260d2095fda195550f77cbc50094a4a01f08
  • python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:d4b7066d52ecd408969d6c4b4b94c5ce4e48b3f48557c9dd24c6359b3f6d3cd8
  • python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:bfe1f970f65a39e9bff74f825602093a8276f0891fd79238e3d1b7d684252233
  • python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:53176d0be212d10c0b9f89853a09ef60677e7b40adbd36024acf17f4c7a57037
  • python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:07162c315557a4c3530de7ac2e110b03364925497341745937c2d4a48823034d
  • python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:44c23bcd1da611031b733e5c040738cd41eb29fcf3892a756f106df68e252c91
  • python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:ceb49b3af610c411ede7332f39072d9d142e3e87bb0bf681dc83ae01c118cf41
  • python3-test-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:ccb8064a642f60b2cc724392e438b496bc46a4bc3daff4579e6c30fd4c24b875
  • python3-test-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:e512c1f96eab4ab206b882004be47a96d02c796cb79ffd01ae9e9f9d361ffa24
  • python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:32e8eb98942bc8dec5a1b0710e78d105b64f75b893b5a29abe7cc4083d91afff
  • python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:82c4132b0335341a075b00c0f68c5d60851cf09460b52c74b6c979ffac9a6e3b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.