[CLSA-2026:1781525675] python3: Fix of 12 CVEs
Type:
security
Severity:
Critical
Release date:
2026-06-25 08:49:21 UTC
Description:
- CVE-2026-0672: reject control characters in http.cookies.Morsel fields and values - CVE-2026-3644: complete CVE-2026-0672 fix: reject control chars in Morsel.update(), |=, unpickling and js_output() - CVE-2026-4224: avoid unbound C recursion in pyexpat conv_content_model to prevent C stack overflow - CVE-2025-13462: skip TarInfo AREGTYPE->DIRTYPE normalization on GNU longname/longlink follow-up headers in tarfile
CVEs fixed:
Updated packages:
  • python3-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:cb3411c5a1f8b3229c610fa54d1175b282507f9a88c2561957eb5d79a2dfdb74
  • python3-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:2c534f9668046528ab5cc33fd7f0afcdb5c70056c7c000d1557820a01c924531
  • python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:567e69e5eb87d5288a85d94c8011319db9a68a120c6139fa77fa9475cb44683a
  • python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:f8644997c3e3bab93615d7219ae7a8bd816c187d069bfe56bd8527327e69d7a5
  • python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:56c311f8dc0f78d3048e87aaf24dfa68884d013c273baa43efce0847110d38ae
  • python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:1e9d681c45a458c12aa770afe764a85fd635557b2d23238be45c04b0f706a212
  • python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:8a2dda235d37ca69d4dff6a87c56fa2aa5e4ffb1c9a46d440653280010a1ef31
  • python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:358a8c5e04a37110827bd22b2bb29d6908622da52f02a18ae6c96243b6c77221
  • python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:a5e843fb15df5313943f835ba7fdea3bc65dbc885096396d788937f3eb78713f
  • python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:b1f75a2ea9bbddfd7483499b1bf97daaf9578cb680a4af55e32daaac9fce425a
  • python3-test-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:3fecc72a3c4fb5922bfaaded8b92f3f3c9412b8bb1fd62fb01919d52b4376ec6
  • python3-test-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:9540757436157379623600cdb1bb1a5d7324883aa1a1611db5ad1ba028783a64
  • python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els12.i686.rpm
    sha:831ffbb62fa91a08dbfabea0d9cbe4773db97d7086b584e4447c42ccc4209379
  • python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els12.x86_64.rpm
    sha:3a1fbb41ace73079960ac78623b985cd9918d313ee31ed04d452cec5822652fc
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.