Release date:
2026-05-07 09:15:23 UTC
Description:
- CVE-2025-8194: validate that tarfile member offsets are non-negative to
  prevent infinite loop / DoS during parsing of malicious tar archives
- CVE-2026-4519: reject URLs with leading dashes in webbrowser.open() to
  prevent injection of command-line options into spawned browser process
- CVE-2026-4786: fix bypass of CVE-2026-4519 check via %action substitution
  in UnixBrowser.open() that allowed dash-prefixed URLs through
Updated packages:
- python2-2.7.18-4.module_el8.4.0+2392+21dc0dc6.tuxcare.els22.x86_64.rpm
  sha:3da77e73339d65a793785cebe875de3d3a84d3f1871ddecb22acde200efaed88
- python2-debug-2.7.18-4.module_el8.4.0+2392+21dc0dc6.tuxcare.els22.x86_64.rpm
  sha:ea421d214ba7d592a59801954965915ea0a60d92c2c402ac4c636b04559d1266
- python2-devel-2.7.18-4.module_el8.4.0+2392+21dc0dc6.tuxcare.els22.x86_64.rpm
  sha:a24bc4c3006f42ac6cd3ac7eff4b3f2fcec17a4a4f7d8d74945871fc77f6df55
- python2-libs-2.7.18-4.module_el8.4.0+2392+21dc0dc6.tuxcare.els22.x86_64.rpm
  sha:3ef4613d372f5b9522ecd232d939ad6d9939d59665bbee9840c86023539b07cf
- python2-test-2.7.18-4.module_el8.4.0+2392+21dc0dc6.tuxcare.els22.x86_64.rpm
  sha:8267ae725e45fb394309cc2860fd823d460c42737be1dc533582dbc604b6464b
- python2-tkinter-2.7.18-4.module_el8.4.0+2392+21dc0dc6.tuxcare.els22.x86_64.rpm
  sha:d8e99f3b910a0e1fe4995bba90a537c4eaafd90d691f93d5a8cafc877a609119
- python2-tools-2.7.18-4.module_el8.4.0+2392+21dc0dc6.tuxcare.els22.x86_64.rpm
  sha:c8cd7b6fda9a58560723175794a6f1985cc171872d1123ed6c2ad4bf8fb340d7
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the CloudLinux Packaging Team.