[CLSA-2026:1782159334] python3: Fix of 3 CVEs
Type:
security
Severity:
Important
Release date:
2026-06-24 09:18:00 UTC
Description:
- CVE-2026-0672: reject control characters in http.cookies Morsel keys, values, and parameters (and in BaseCookie.output) to prevent HTTP header injection via user-controlled cookie data - CVE-2026-3644: follow-up to CVE-2026-0672, rejecting control characters in the http.cookies.Morsel paths the original fix missed (update(), the |= operator, and unpickling) and validating Morsel.js_output() output - CVE-2026-4224: guard conv_content_model() in pyexpat against unbounded C recursion when an ElementDeclHandler parses a deeply nested inline DTD content model, raising RecursionError instead of crashing the interpreter
Updated packages:
  • platform-python-3.6.8-40.el8_4.tuxcare.els22.i686.rpm
    sha:b231f8dad3a0c982a8e074db58bb09cdc44990e48468ec63161d162bb43a5bab
  • platform-python-3.6.8-40.el8_4.tuxcare.els22.x86_64.rpm
    sha:ad176b2926e2374312d9b154e93f889f1aa4cc602b777714e80cb90e55c7269c
  • platform-python-debug-3.6.8-40.el8_4.tuxcare.els22.i686.rpm
    sha:9c2dddf1036f8cfc69d071f4ecc45e0a1ceba8668d192df40b0ad62da3dd828c
  • platform-python-debug-3.6.8-40.el8_4.tuxcare.els22.x86_64.rpm
    sha:d10da06a9bfeba13034d66b210d7e8e86cbfc3406ebdd70e347b27a776936f03
  • platform-python-devel-3.6.8-40.el8_4.tuxcare.els22.i686.rpm
    sha:ed56aa15da514cb2d3467bd217d9c545aa318573bcaf0130176ae599b0ecd255
  • platform-python-devel-3.6.8-40.el8_4.tuxcare.els22.x86_64.rpm
    sha:3af4bf1febbe8f9e975516f9d9833366e51862dd6c69d09f11e6c9a427947869
  • python3-devel-3.6.8-40.el8_4.tuxcare.els22.x86_64.rpm
    sha:e6a070e886ecd0c3c90ea33042199607dccb246e82d205983ba1be7148a96a39
  • python3-idle-3.6.8-40.el8_4.tuxcare.els22.i686.rpm
    sha:6e9c002a12caac70b6a4263ee8ba08a41615f5d3ef744f79b94f222f7b075e94
  • python3-idle-3.6.8-40.el8_4.tuxcare.els22.x86_64.rpm
    sha:ec506d89b1bb67cb2962e7e7cb3d5a29b54636d101e59ea1421fa8f1e2556ea5
  • python3-libs-3.6.8-40.el8_4.tuxcare.els22.i686.rpm
    sha:24e5600598a47b77b924f7319203fb34e187a4d4b047b1c380eb3067b2a2afdc
  • python3-libs-3.6.8-40.el8_4.tuxcare.els22.x86_64.rpm
    sha:a0a043df89268052b3709ab44a37c63ea3b25dd18feff1b6825c5165c2bbe984
  • python3-test-3.6.8-40.el8_4.tuxcare.els22.i686.rpm
    sha:b5ee006ca561bd355977ccaf662e6026530c59fd811c933b72c8f896ef2c0ab2
  • python3-test-3.6.8-40.el8_4.tuxcare.els22.x86_64.rpm
    sha:e542b565d581c80f3b754e8474ba0c039b86c2c4286d0544b1313ac6a2907819
  • python3-tkinter-3.6.8-40.el8_4.tuxcare.els22.i686.rpm
    sha:6c4c967428b56c00b2266b17856c1725bb08521b24c9e7e3a1413b58e39a4b93
  • python3-tkinter-3.6.8-40.el8_4.tuxcare.els22.x86_64.rpm
    sha:2bc5ad6b05c9704776cc8f7834cba1a49305870a44f7a68d8215a14da0addfd9
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.