Release date:
2026-05-05 01:25:22 UTC
Description:
* SECURITY UPDATE: tarfile DoS via negative member offsets
  - debian/patches/CVE-2025-8194.patch: validate that member offsets are
    non-negative in Lib/tarfile.py.
  - CVE-2025-8194
* SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes
  - debian/patches/CVE-2026-4519-CVE-2026-4786.patch: reject URLs whose
    lstrip starts with '-' in Lib/webbrowser.py; also fix bypass via
    %action substitution in UnixBrowser.open().
  - CVE-2026-4519
  - CVE-2026-4786
Updated packages:
- idle-python2.7_2.7.17-1~18.04ubuntu1.11+tuxcare.els12_all.deb
  sha:61d95e5ebdaf9c6ebc2c94f03368392bbf7db799
- libpython2.7_2.7.17-1~18.04ubuntu1.11+tuxcare.els12_amd64.deb
  sha:b2076b6750db16a15218fd058f2fb0ebb180ed06
- libpython2.7-dev_2.7.17-1~18.04ubuntu1.11+tuxcare.els12_amd64.deb
  sha:b0fff2444fa6bff7685baee166065ee68d79b6d7
- libpython2.7-minimal_2.7.17-1~18.04ubuntu1.11+tuxcare.els12_amd64.deb
  sha:5496b83212247ac88e1d32e7bdaae84a101d26e5
- libpython2.7-stdlib_2.7.17-1~18.04ubuntu1.11+tuxcare.els12_amd64.deb
  sha:3f92afd288b31d29e97a870f4b265c582303d0e3
- libpython2.7-testsuite_2.7.17-1~18.04ubuntu1.11+tuxcare.els12_all.deb
  sha:e2685ca72ea1ab900dafe2481c637d94c094432e
- python2.7_2.7.17-1~18.04ubuntu1.11+tuxcare.els12_amd64.deb
  sha:77f0180baf30eb95e022058dbc3e6cd22d3b62dc
- python2.7-dev_2.7.17-1~18.04ubuntu1.11+tuxcare.els12_amd64.deb
  sha:0bb06a12ea5c8bc47f95283fa6dc82f058029244
- python2.7-doc_2.7.17-1~18.04ubuntu1.11+tuxcare.els12_all.deb
  sha:48156c30d7e06cb29846a3c031dbcba1d6d44eee
- python2.7-examples_2.7.17-1~18.04ubuntu1.11+tuxcare.els12_all.deb
  sha:be49f4d61ddaabe5db7ca064f0cded59df62aabe
- python2.7-minimal_2.7.17-1~18.04ubuntu1.11+tuxcare.els12_amd64.deb
  sha:d897a7ac1f918735d7f3b7bb72595339920bd81e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections, please contact the CloudLinux Packaging Team.