[CLSA-2026:1777998709] python2: Fix of 3 CVEs
Type: security
Severity: Important
Release date: 2026-05-05 16:31:54 UTC
Description:
- CVE-2025-8194: validate that tarfile member offsets are non-negative to prevent infinite loop / DoS during parsing of malicious tar archives
- CVE-2026-4519: reject URLs with leading dashes in webbrowser.open() to prevent injection of command-line options into spawned browser process
- CVE-2026-4786: fix bypass of CVE-2026-4519 check via %action substitution in UnixBrowser.open() that allowed dash-prefixed URLs through
Updated packages:
  • python2-2.7.18-7.module_el8.5.0+2391+7f8635d8.tuxcare.els21.x86_64.rpm
    sha:04b8354318a032dc73486df7fb825f6489ecd588ba9802c0cd34061ff1ae3c1f
  • python2-debug-2.7.18-7.module_el8.5.0+2391+7f8635d8.tuxcare.els21.x86_64.rpm
    sha:51403df55c50f1952bc546eb0a6680b0194e77ec374c86c36aa741ff2af4b3c8
  • python2-devel-2.7.18-7.module_el8.5.0+2391+7f8635d8.tuxcare.els21.x86_64.rpm
    sha:e1b13528861794e2ac333586cb17ee8faec4f84a81f6daa539963b21283b8f34
  • python2-libs-2.7.18-7.module_el8.5.0+2391+7f8635d8.tuxcare.els21.x86_64.rpm
    sha:9e51436175d94b8817799e944aa5d8a225bdab9ee24a65aa81fc62d1b9e6a758
  • python2-test-2.7.18-7.module_el8.5.0+2391+7f8635d8.tuxcare.els21.x86_64.rpm
    sha:5ceb151ff9c80a5465f73dce6cc33f2d20e26b7e9f5596afffc22a2b9c0175ee
  • python2-tkinter-2.7.18-7.module_el8.5.0+2391+7f8635d8.tuxcare.els21.x86_64.rpm
    sha:439f57a371c4fb022e785e67d56c5772d26f1ba2ce6f4ed045ff9b50968e7eab
  • python2-tools-2.7.18-7.module_el8.5.0+2391+7f8635d8.tuxcare.els21.x86_64.rpm
    sha:da49147cb79c306abdcce8fc3f3727c5f2da565687223fa068089925d96a67a4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.