Release date:
2026-06-22 14:38:15 UTC
Description:
- CVE-2026-0672: reject control characters in http.cookies Morsel keys,
values, and parameters (and in BaseCookie.output) to prevent HTTP header
injection via user-controlled cookie data
- CVE-2026-3644: follow-up to CVE-2026-0672, rejecting control characters
in the http.cookies.Morsel paths the original fix missed (update(), the
|= operator, and unpickling) and validating Morsel.js_output() output
- CVE-2026-4224: guard conv_content_model() in pyexpat against unbounded C
recursion when an ElementDeclHandler parses a deeply nested inline DTD
content model, raising RecursionError instead of crashing the interpreter
Updated packages:
-
platform-python-3.6.8-42.el8.tuxcare.els22.i686.rpm
sha:51f436a4032026b812c3f19a8d4887d29fed13be2e3b164b5699f8fed01791d0
-
platform-python-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
sha:c6ffeabff3db942f2e2e01610da1822f82051f75359ed0247bdbeada6f66723f
-
platform-python-debug-3.6.8-42.el8.tuxcare.els22.i686.rpm
sha:5d6cf5a68323a99550919b3983734a6df00d2df15db7e9227a123759772b8e59
-
platform-python-debug-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
sha:1e346ba9607ea0bfdb5d3e53f6febd2d07563b22226edf641f31e9951db25372
-
platform-python-devel-3.6.8-42.el8.tuxcare.els22.i686.rpm
sha:1d688ef6df215539c438ae439f558e579c950efcd6ad6a071baa96a26d043bea
-
platform-python-devel-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
sha:ed3264e1397c6f12acef1f644eb1d47cf2a864fd4c3cfc60391c2826bd926a40
-
python3-devel-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
sha:9225c2a6f801384cf17f009201f31593997db03f3b398d118aa314352eb1b52f
-
python3-idle-3.6.8-42.el8.tuxcare.els22.i686.rpm
sha:c5b667da9cdb993e238836a08fd3d7221701666793ef02a3123a3aae158cf6b2
-
python3-idle-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
sha:724f15b0a1885663f1418543349a1f49943ab8d5f249b7c4851ecd2322f2f5ef
-
python3-libs-3.6.8-42.el8.tuxcare.els22.i686.rpm
sha:a8897b93559413cf25ac9f5e05fbe5ea60541a63db29644197a14b6aad850df4
-
python3-libs-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
sha:949c4eae6b504aa9056a8abcbc912756e4285aa7e59d5efdf44f88a044365d78
-
python3-test-3.6.8-42.el8.tuxcare.els22.i686.rpm
sha:54717a620d6edbd2d50ea69a79376ffcde74907facfee9f68d81c43d64ee9085
-
python3-test-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
sha:174d579931d9283c05aa9f5de10315b519df2fc41ffd8ea063d5082f8ee687d8
-
python3-tkinter-3.6.8-42.el8.tuxcare.els22.i686.rpm
sha:d58486c0ce30d79d28809a5470d1dfcf95f3092f9929b31a66428dace540fde7
-
python3-tkinter-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
sha:b96ab73eaf3c9a0f1fb2f794eb363e803f76ba73e7cea5e0651f1f0cef4bb0f3
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.