Release date:
2026-04-29 09:29:28 UTC
Description:
- CVE-2026-4519: reject webbrowser.open() URLs with a leading dash to prevent
CLI option injection into the spawned browser process
- CVE-2026-4786: validate URLs after %action substitution and swap the
substitution order in UnixBrowser.open() to close a bypass of the
CVE-2026-4519 dash-prefix check
Updated packages:
-
python-2.6.6-70.el6.tuxcare.els20.i686.rpm
sha:9349968332b026f19a8c01afee56ce9ad97d039c43d01fabd39b714376598e1a
-
python-2.6.6-70.el6.tuxcare.els20.x86_64.rpm
sha:b6deffc08905c71ad9832d41f5d9d95a2a73b010f307279d81f1f9190a50283f
-
python-devel-2.6.6-70.el6.tuxcare.els20.i686.rpm
sha:0810c21b56e848dd5c1aabc4b7368d0203ea01881030bd065991a8e8754e3e4a
-
python-devel-2.6.6-70.el6.tuxcare.els20.x86_64.rpm
sha:2436a79bf969f63f135f1eb013e009bf4244435d8711ec84a358e70b6c0d1d54
-
python-libs-2.6.6-70.el6.tuxcare.els20.i686.rpm
sha:96094ac22520c4312bbacd6388294481e5f95c5df7f9b71040ba3edb19b4ec73
-
python-libs-2.6.6-70.el6.tuxcare.els20.x86_64.rpm
sha:628de7f32ba004ce507802a4c5afed0e6e040ed6f8e3041a4995fbb9859730e4
-
python-test-2.6.6-70.el6.tuxcare.els20.x86_64.rpm
sha:0e2d2ec1be6918a57073253e4fe69b5ded83d20d4c2d97c838562e3658553247
-
python-tools-2.6.6-70.el6.tuxcare.els20.x86_64.rpm
sha:f17e12dd093dee0dcfa6f942efe98bd1dee7313d366537386c3db400dc77fd0d
-
tkinter-2.6.6-70.el6.tuxcare.els20.x86_64.rpm
sha:ff724b8badf249c25d7e01bd09d491ccdac92d926fdfda489e53428ac54b0943
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
