[CLSA-2026:1781526208] python3: Fix of 3 CVEs
Type:
security
Severity:
Important
Release date:
2026-06-22 13:52:51 UTC
Description:
- CVE-2026-0672: reject control characters in http.cookies.Morsel fields and values - CVE-2026-3644: complete CVE-2026-0672 fix: reject control chars in Morsel.update(), |=, unpickling and js_output() - CVE-2026-4224: avoid unbound C recursion in pyexpat conv_content_model to prevent C stack overflow - CVE-2025-13462: skip TarInfo AREGTYPE->DIRTYPE normalization on GNU longname/longlink follow-up headers in tarfile
CVEs fixed:
Updated packages:
  • python3-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:27f7bcb4917c32e567717607470343df54fb8f0945ef0adb62f9e401289ec384
  • python3-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:f4164e70dcdeddb5716f3060d20a0f67a6f20101c7f6fe34b25dd526d61b8b0c
  • python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:92b03b304e4877e751440819fce4001691309330cdb2edfc41037bbc5a8c5b09
  • python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:56cda757d8a7c58ed87431ad7f2bd95ab6c286a8f2b75a7540084dc1d023ac8f
  • python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:c5d9fa73c6442a88f016b1d564ba2c9e7597fc33d694ee8ba0556b3cef8ae6c0
  • python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:d411313ed9d44caf36a38c1fea7e40bd5cd85cb5895d895a5517f550738ae93c
  • python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:8bf06272f34ced7a7c06eb152a9ba2d98b5546f22ce25a5bf63077b92dbfd742
  • python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:699e8065e742f7de5796d7f89ae9b387104c6c08cd9b60f877ede147791f7c8d
  • python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:0b71fd59c02dc2af1b5e1ad69d62d1f2862dcab9857c361ba5271106b377d675
  • python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:f01dd522529cfb0dc8d9ccdadb9211c86ee4dd20d68524ad19df4291c41667ca
  • python3-test-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:c26bd0e7dfcdd7e6480e8aa55e4b98ff79d4f7c89603a5973b39291e9a3112ef
  • python3-test-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:6691521fe4ac2ebc3a055423e59ca980954e351d14b552661f688e8386bbd795
  • python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:6c1dcf7f656fbd6032cefd81775a71a8a035f6ff91defdd15cd6b5de18965faf
  • python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:eee86489632b9479e8a8b71a92b94e31f66766d27fab176e8e95209e7800fbd2
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.