[CLSA-2026:1781620276] Fix CVE(s): CVE-2026-0672, CVE-2026-3644, CVE-2026-4224
Type:
security
Severity:
Important
Release date:
2026-06-16 14:31:34 UTC
Description:
* SECURITY UPDATE: Control characters not rejected in Cookie module (HTTP header injection) - debian/patches/CVE-2026-0672.patch: add _has_control_character() helper and reject control characters in Morsel.__setitem__(), Morsel.set() and BaseCookie.output() in Lib/Cookie.py, plus regression tests in Lib/test/test_cookie.py - CVE-2026-0672 * SECURITY UPDATE: Incomplete rejection of control characters in Cookie module - debian/patches/CVE-2026-3644.patch: add control character validation to Morsel.update() and Morsel.js_output() in Lib/Cookie.py - CVE-2026-3644 * SECURITY UPDATE: C stack overflow via deeply nested inline DTD content model in pyexpat - debian/patches/CVE-2026-4224.patch: add Py_EnterRecursiveCall/Py_LeaveRecursiveCall guards to conv_content_model() in Modules/pyexpat.c to prevent unbounded C recursion when ElementDeclHandler is registered - CVE-2026-4224
Updated packages:
  • idle-python2.7_2.7.18-1~20.04.7+tuxcare.els3_all.deb
    sha:9cd9be48493a895b4865e22c553fe7a0526c0143
  • libpython2.7_2.7.18-1~20.04.7+tuxcare.els3_amd64.deb
    sha:60d1e7438104cffcda7810a6ec415165dff9e8d3
  • libpython2.7-dev_2.7.18-1~20.04.7+tuxcare.els3_amd64.deb
    sha:36e04dbc013f50379b3333bc66c1a40fcbf337ee
  • libpython2.7-minimal_2.7.18-1~20.04.7+tuxcare.els3_amd64.deb
    sha:f210a2f0e068115292213c70eeac05a630007e78
  • libpython2.7-stdlib_2.7.18-1~20.04.7+tuxcare.els3_amd64.deb
    sha:7f6ce02c9dc39618cfae88eac2a193a275272a37
  • libpython2.7-testsuite_2.7.18-1~20.04.7+tuxcare.els3_all.deb
    sha:b42492599598bbf444d04524e8c57a2a0a71ba95
  • python2.7_2.7.18-1~20.04.7+tuxcare.els3_amd64.deb
    sha:50830a6fde6d4a02cc7f7a8312da6c3c3ce16683
  • python2.7-dev_2.7.18-1~20.04.7+tuxcare.els3_amd64.deb
    sha:dfafa134af3f21fcad82a84abd7d1d34df541ceb
  • python2.7-doc_2.7.18-1~20.04.7+tuxcare.els3_all.deb
    sha:50569b934cefd963de3a7c0cfcb02ca0ea8bffd2
  • python2.7-examples_2.7.18-1~20.04.7+tuxcare.els3_all.deb
    sha:0dbef4c1e171061cc6003e686824f600c23dea9c
  • python2.7-minimal_2.7.18-1~20.04.7+tuxcare.els3_amd64.deb
    sha:69f2fb4cd326599a988c38796ec4a8548432af84
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.