Release date:
2026-06-16 14:31:34 UTC
Description:
* SECURITY UPDATE: Control characters not rejected in Cookie module (HTTP header injection)
- debian/patches/CVE-2026-0672.patch: add _has_control_character() helper and
reject control characters in Morsel.__setitem__(), Morsel.set() and
BaseCookie.output() in Lib/Cookie.py, plus regression tests in
Lib/test/test_cookie.py
- CVE-2026-0672
* SECURITY UPDATE: Incomplete rejection of control characters in Cookie module
- debian/patches/CVE-2026-3644.patch: add control character validation to
Morsel.update() and Morsel.js_output() in Lib/Cookie.py
- CVE-2026-3644
* SECURITY UPDATE: C stack overflow via deeply nested inline DTD content model in pyexpat
- debian/patches/CVE-2026-4224.patch: add Py_EnterRecursiveCall/Py_LeaveRecursiveCall
guards to conv_content_model() in Modules/pyexpat.c to prevent unbounded C recursion
when ElementDeclHandler is registered
- CVE-2026-4224
Updated packages:
-
idle-python2.7_2.7.18-1~20.04.7+tuxcare.els3_all.deb
sha:9cd9be48493a895b4865e22c553fe7a0526c0143
-
libpython2.7_2.7.18-1~20.04.7+tuxcare.els3_amd64.deb
sha:60d1e7438104cffcda7810a6ec415165dff9e8d3
-
libpython2.7-dev_2.7.18-1~20.04.7+tuxcare.els3_amd64.deb
sha:36e04dbc013f50379b3333bc66c1a40fcbf337ee
-
libpython2.7-minimal_2.7.18-1~20.04.7+tuxcare.els3_amd64.deb
sha:f210a2f0e068115292213c70eeac05a630007e78
-
libpython2.7-stdlib_2.7.18-1~20.04.7+tuxcare.els3_amd64.deb
sha:7f6ce02c9dc39618cfae88eac2a193a275272a37
-
libpython2.7-testsuite_2.7.18-1~20.04.7+tuxcare.els3_all.deb
sha:b42492599598bbf444d04524e8c57a2a0a71ba95
-
python2.7_2.7.18-1~20.04.7+tuxcare.els3_amd64.deb
sha:50830a6fde6d4a02cc7f7a8312da6c3c3ce16683
-
python2.7-dev_2.7.18-1~20.04.7+tuxcare.els3_amd64.deb
sha:dfafa134af3f21fcad82a84abd7d1d34df541ceb
-
python2.7-doc_2.7.18-1~20.04.7+tuxcare.els3_all.deb
sha:50569b934cefd963de3a7c0cfcb02ca0ea8bffd2
-
python2.7-examples_2.7.18-1~20.04.7+tuxcare.els3_all.deb
sha:0dbef4c1e171061cc6003e686824f600c23dea9c
-
python2.7-minimal_2.7.18-1~20.04.7+tuxcare.els3_amd64.deb
sha:69f2fb4cd326599a988c38796ec4a8548432af84
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.