[CLSA-2026:1777545539] Fix of 6 CVEs

Type:

security

Severity:

Important

Release date:

2026-04-30 10:39:04 UTC

Description:

   * SECURITY UPDATE: fix quadratic complexity in http cookie parsing with backslash escapes
     - debian/patches/CVE-2024-7592.patch: fix quadratic complexity in http cookie parsing with backslash escapes
     - CVE-2024-7592
   * SECURITY UPDATE: reject leading dashes in webbrowser URLs and %action substitution bypass
     - debian/patches/CVE-2026-4519.patch: reject leading dashes in webbrowser URLs and %action substitution bypass
     - CVE-2026-4519
   * SECURITY UPDATE: fix quadratic complexity in os.path.expandvars()
     - debian/patches/CVE-2025-6075.patch: fix quadratic complexity in os.path.expandvars()
     - CVE-2025-6075
   * SECURITY UPDATE: remove quadratic behavior in xml.dom.minidom node id-cache clearing
     - debian/patches/CVE-2025-12084.patch: remove quadratic behavior in xml.dom.minidom node id-cache clearing
     - CVE-2025-12084
   * SECURITY UPDATE: remove backtracking when parsing tarfile PAX headers
     - debian/patches/CVE-2024-6232.patch: remove backtracking when parsing tarfile PAX headers
     - CVE-2024-6232
   * SECURITY UPDATE: reject malformed addresses in email.utils.parseaddr / getaddresses
     - debian/patches/CVE-2023-27043.patch: reject malformed addresses in email.utils.parseaddr / getaddresses
     - CVE-2023-27043

Updated packages:

idle-python2.7_2.7.16-2+deb10u4+tuxcare.els1_all.deb
sha:a8bae23e0b15efc835c27e1b7b72d4d7f2c8e643
libpython2.7_2.7.16-2+deb10u4+tuxcare.els1_amd64.deb
sha:ccddbe25c23706a9ff4fc981554e0494882a3ad9
libpython2.7-dev_2.7.16-2+deb10u4+tuxcare.els1_amd64.deb
sha:43edc154a2a975f80f4beadec7195551d149d388
libpython2.7-minimal_2.7.16-2+deb10u4+tuxcare.els1_amd64.deb
sha:35cc20f1e5741ed73a674f9a4221a97400b326c4
libpython2.7-stdlib_2.7.16-2+deb10u4+tuxcare.els1_amd64.deb
sha:2c14c6f02c61816ad14801820f94854abdedb357
libpython2.7-testsuite_2.7.16-2+deb10u4+tuxcare.els1_all.deb
sha:c0c178d86978fe2063fa35fa8b273124a00680fd
python2.7_2.7.16-2+deb10u4+tuxcare.els1_amd64.deb
sha:269fad094eb34c9f0a124aebd18a19db7b11b939
python2.7-dev_2.7.16-2+deb10u4+tuxcare.els1_amd64.deb
sha:05a35e9375e97bda84bf00eba279da867841c315
python2.7-doc_2.7.16-2+deb10u4+tuxcare.els1_all.deb
sha:500b1b9201cd6012e10c6eae6b5420da86d47508
python2.7-examples_2.7.16-2+deb10u4+tuxcare.els1_all.deb
sha:dae7d3f5ec4a4fbe2dc1d08aa3ee8ce47b56b5a4
python2.7-minimal_2.7.16-2+deb10u4+tuxcare.els1_amd64.deb
sha:fa9416c4a4a8e2e65d3dd278c41ade5246a8a5d3

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.