[CLSA-2026:1778538347] python: Fix of 2 CVEs
Type:
security
Severity:
Moderate
Release date:
2026-05-11 22:25:58 UTC
Description:
- CVE-2021-3733: fix ReDoS in urllib2 AbstractBasicAuthHandler regex; the legacy '(?:.*,)*' prefix is replaced with the upstream-3.x form '(?:^|,)' and the scheme charset excludes ',' to prevent quadratic backtracking on crafted WWW-Authenticate headers
- CVE-2021-23336: stop accepting ';' as a default query-string separator in urlparse.parse_qs/parse_qsl and cgi.parse* / FieldStorage; only '&' is used by default, with an opt-in 'separator' kwarg for callers that need legacy behavior
- Additional tests for CVE-2021-23336: drop obsolete legacy-';' entries from Lib/test/test_cgi.py parse_strict_test_cases
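The separator change for CVE-2021-23336 described above can be confirmed behaviourally on a host once the update is installed. This is an added example, not part of the advisory or the packaged code; the sample query string and the function names are constructed for illustration.

```python
# Added example (not from the advisory): probe how this interpreter splits
# query strings, to confirm the CVE-2021-23336 behaviour change is in effect.
try:
    from urlparse import parse_qsl        # Python 2.7, the package updated here
except ImportError:
    from urllib.parse import parse_qsl    # Python 3 carries the same fix upstream

# Constructed sample: one ';' and one '&' between three would-be fields.
SAMPLE = "a=1;b=2&c=3"


def default_pairs():
    """Pairs returned with no arguments; a fixed build splits on '&' only."""
    return parse_qsl(SAMPLE)


def legacy_pairs():
    """Pairs with the opt-in separator=';' kwarg, or None if it is missing."""
    try:
        return parse_qsl(SAMPLE, separator=";")
    except TypeError:
        # Builds without the fix do not know the keyword at all.
        return None


def fix_status():
    """Classify the interpreter as 'fixed', 'unfixed' or 'unexpected'."""
    pairs = default_pairs()
    if pairs == [("a", "1;b=2"), ("c", "3")] and legacy_pairs() is not None:
        return "fixed"
    if pairs == [("a", "1"), ("b", "2"), ("c", "3")]:
        return "unfixed"
    return "unexpected"


if __name__ == "__main__":
    print("default parse :", default_pairs())
    print("separator=';' :", legacy_pairs())
    print("status        :", fix_status())
```

Run it with the interpreter that serves the application; callers that still depend on ';' splitting show up as a change in `default_pairs()` and need the explicit `separator` argument.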
Updated packages:
  • python-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
    sha:c146a448ac1ec02ded64649570851c8f808e49f6620eadf2c82c940f86713416
  • python-debug-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
    sha:30286d1b1a4a9ff7495b1ea69239666deaac2da72c2cde02fd8489e9577da4ca
  • python-devel-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
    sha:207e1168b644cfd9ce051094b935e9ae3bbe23fefed2725a43a1c13080481749
  • python-libs-2.7.5-94.0.1.el7_9.tuxcare.els8.i686.rpm
    sha:84b58ac8fb2aa4af9802757d6b7b821cf70fcd34f01d0fb904a67eea2dc491fd
  • python-libs-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
    sha:6c07733492cda1f75f008f2029cf2e55a97f4ad0f48700ac99668f5097ca18ef
  • python-test-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
    sha:0e1e23ea9e637a0dd017c4db54e112d8d6758391ffd395d73bb83038164cea62
  • python-tools-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
    sha:661e19c438f05addecd251205f10919b4e114701e82e4e6e5b236e54d972e6f9
  • tkinter-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
    sha:ca1ad3c04c8ad0e284c716abcefd00e384dabd0c5975e8b737bd97bd4d5b95a2
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.