[CLSA-2026:1778129970] python3.11: Fix of 7 CVEs
Type: security
Severity: Moderate
Release date: 2026-05-07 04:59:39 UTC
Description:
- CVE-2026-0672: reject control characters in http.cookies cookie names, values, and parameters to prevent header injection
- CVE-2026-3644: reject control characters in Morsel.update(), |= operator, and unpickling paths missed by CVE-2026-0672; add output validation to BaseCookie.js_output()
- CVE-2026-2297: ensure SourcelessFileLoader uses io.open_code so sys.audit handlers fire for legacy .pyc imports
- CVE-2025-8291: validate ZIP64 End of Central Directory locator offset to prevent ZIP archive parser confusion
- CVE-2025-6069: fix quadratic complexity in html.parser.HTMLParser when processing crafted malformed inputs
- CVE-2025-4516: fix use-after-free in unicode-escape decoder when an error handler is invoked
- CVE-2025-1795: stop incorrectly RFC 2047 encoding the comma separator when an address list is folded
Updated packages:
  • python3.11-3.11.2-2.el9_2.2.tuxcare.els23.i686.rpm
    sha:c645e10fa747a0526636db8bca3b9c1673d6807c98681656737c4f03aaab0de9
  • python3.11-3.11.2-2.el9_2.2.tuxcare.els23.x86_64.rpm
    sha:21345ffd3a2710e57fe2e30d2dcc192ed6b9a9637203bedcb091b61a6f63a6e8
  • python3.11-debug-3.11.2-2.el9_2.2.tuxcare.els23.i686.rpm
    sha:d32526a0cec971aceecc16a12784fa062d438c0b7163b30d6dfeb7720364525a
  • python3.11-debug-3.11.2-2.el9_2.2.tuxcare.els23.x86_64.rpm
    sha:833524d8990bc2d9f18323175e4e7d64b393df1a5fa2132ac60c0d66bd4082c6
  • python3.11-devel-3.11.2-2.el9_2.2.tuxcare.els23.i686.rpm
    sha:526b6ff8f2f116cdf4560597af17128a4d6ff93e9b9ae0a36c3037a613cd3809
  • python3.11-devel-3.11.2-2.el9_2.2.tuxcare.els23.x86_64.rpm
    sha:d0c5dc82eab57c7677551f3954bfb6e2dea95abc8f0f3078075efbf479270390
  • python3.11-idle-3.11.2-2.el9_2.2.tuxcare.els23.i686.rpm
    sha:6ca3506f239249ea1ce935582ce2805a9b0bdde7798f1b4a064cb21f18d1b616
  • python3.11-idle-3.11.2-2.el9_2.2.tuxcare.els23.x86_64.rpm
    sha:bdd64c5f98af5dc0ac49c6b3871c09b2186712be51da358222eb21c8d891dca7
  • python3.11-libs-3.11.2-2.el9_2.2.tuxcare.els23.i686.rpm
    sha:a26760308a744b00e23327a9dc15c59ba75b727d95f8c27d43615972d07d2300
  • python3.11-libs-3.11.2-2.el9_2.2.tuxcare.els23.x86_64.rpm
    sha:8d4680343bf39c93f3e2ae0dbabd9b9c52214887e1e1b400e19ef121d300dde2
  • python3.11-test-3.11.2-2.el9_2.2.tuxcare.els23.i686.rpm
    sha:40f942185b394a32471c3705216c480e20daf7a6edba22282cde57b54ca6b464
  • python3.11-test-3.11.2-2.el9_2.2.tuxcare.els23.x86_64.rpm
    sha:186516bc00119760025cfec4fe60b5e8ba7e1ddfe70ff3220ab82c29c1a2bba6
  • python3.11-tkinter-3.11.2-2.el9_2.2.tuxcare.els23.i686.rpm
    sha:08d2d8614291050448b43863ff9eb8d980b59dbeb3c521b3d77fb5a525f61f52
  • python3.11-tkinter-3.11.2-2.el9_2.2.tuxcare.els23.x86_64.rpm
    sha:da0c54a9b87ff30549cc8786901edd0d8d7bcc0626bc675f8c22fcc1a9fdeb5e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.