[CLSA-2026:1782139078] python3: Fix of 3 CVEs
Type:
security
Severity:
Important
Release date:
2026-06-22 14:38:15 UTC
Description:
- CVE-2026-0672: reject control characters in http.cookies Morsel keys, values, and parameters (and in BaseCookie.output) to prevent HTTP header injection via user-controlled cookie data - CVE-2026-3644: follow-up to CVE-2026-0672, rejecting control characters in the http.cookies.Morsel paths the original fix missed (update(), the |= operator, and unpickling) and validating Morsel.js_output() output - CVE-2026-4224: guard conv_content_model() in pyexpat against unbounded C recursion when an ElementDeclHandler parses a deeply nested inline DTD content model, raising RecursionError instead of crashing the interpreter
Updated packages:
  • platform-python-3.6.8-42.el8.tuxcare.els22.i686.rpm
    sha:51f436a4032026b812c3f19a8d4887d29fed13be2e3b164b5699f8fed01791d0
  • platform-python-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
    sha:c6ffeabff3db942f2e2e01610da1822f82051f75359ed0247bdbeada6f66723f
  • platform-python-debug-3.6.8-42.el8.tuxcare.els22.i686.rpm
    sha:5d6cf5a68323a99550919b3983734a6df00d2df15db7e9227a123759772b8e59
  • platform-python-debug-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
    sha:1e346ba9607ea0bfdb5d3e53f6febd2d07563b22226edf641f31e9951db25372
  • platform-python-devel-3.6.8-42.el8.tuxcare.els22.i686.rpm
    sha:1d688ef6df215539c438ae439f558e579c950efcd6ad6a071baa96a26d043bea
  • platform-python-devel-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
    sha:ed3264e1397c6f12acef1f644eb1d47cf2a864fd4c3cfc60391c2826bd926a40
  • python3-devel-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
    sha:9225c2a6f801384cf17f009201f31593997db03f3b398d118aa314352eb1b52f
  • python3-idle-3.6.8-42.el8.tuxcare.els22.i686.rpm
    sha:c5b667da9cdb993e238836a08fd3d7221701666793ef02a3123a3aae158cf6b2
  • python3-idle-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
    sha:724f15b0a1885663f1418543349a1f49943ab8d5f249b7c4851ecd2322f2f5ef
  • python3-libs-3.6.8-42.el8.tuxcare.els22.i686.rpm
    sha:a8897b93559413cf25ac9f5e05fbe5ea60541a63db29644197a14b6aad850df4
  • python3-libs-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
    sha:949c4eae6b504aa9056a8abcbc912756e4285aa7e59d5efdf44f88a044365d78
  • python3-test-3.6.8-42.el8.tuxcare.els22.i686.rpm
    sha:54717a620d6edbd2d50ea69a79376ffcde74907facfee9f68d81c43d64ee9085
  • python3-test-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
    sha:174d579931d9283c05aa9f5de10315b519df2fc41ffd8ea063d5082f8ee687d8
  • python3-tkinter-3.6.8-42.el8.tuxcare.els22.i686.rpm
    sha:d58486c0ce30d79d28809a5470d1dfcf95f3092f9929b31a66428dace540fde7
  • python3-tkinter-3.6.8-42.el8.tuxcare.els22.x86_64.rpm
    sha:b96ab73eaf3c9a0f1fb2f794eb363e803f76ba73e7cea5e0651f1f0cef4bb0f3
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.