Release date: 2026-05-05 01:20:50 UTC
Description:
* SECURITY UPDATE: tarfile DoS via negative member offsets
  - debian/patches/CVE-2025-8194.patch: validate that member offsets are
    non-negative in Lib/tarfile.py.
  - CVE-2025-8194
* SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes
  - debian/patches/CVE-2026-4519-CVE-2026-4786.patch: reject URLs whose
    lstrip starts with '-' in Lib/webbrowser.py; also fix bypass via
    %action substitution in UnixBrowser.open().
  - CVE-2026-4519
  - CVE-2026-4786
Updated packages:
- idle-python2.7_2.7.12-1ubuntu0~16.04.18+tuxcare.els17_all.deb
  sha:5085170a7447e47d929de3e49301a09ea3b2f67f
- libpython2.7_2.7.12-1ubuntu0~16.04.18+tuxcare.els17_amd64.deb
  sha:d186a94a1d362c700ee160ae2c6addec66df7247
- libpython2.7-dev_2.7.12-1ubuntu0~16.04.18+tuxcare.els17_amd64.deb
  sha:ec902cdcd29d86de7718b95a43f73b51035ae022
- libpython2.7-minimal_2.7.12-1ubuntu0~16.04.18+tuxcare.els17_amd64.deb
  sha:b40234481191fba7b6dcf95778d8b7e24bd84259
- libpython2.7-stdlib_2.7.12-1ubuntu0~16.04.18+tuxcare.els17_amd64.deb
  sha:0244de882fb2935ee6cca783403ae336c0dada31
- libpython2.7-testsuite_2.7.12-1ubuntu0~16.04.18+tuxcare.els17_all.deb
  sha:30ca4c17923e4fcfdd6dacf1c9f740f10f57d81e
- python2.7_2.7.12-1ubuntu0~16.04.18+tuxcare.els17_amd64.deb
  sha:5224bab4e942d0cf8269b4aebe2a4dba730216be
- python2.7-dev_2.7.12-1ubuntu0~16.04.18+tuxcare.els17_amd64.deb
  sha:b9e63ede4c1630ef6efe1130a0ee9c962c03717f
- python2.7-doc_2.7.12-1ubuntu0~16.04.18+tuxcare.els17_all.deb
  sha:4b2d44f45b337fc8fa83ae19adbb4eacb6f4bc0d
- python2.7-examples_2.7.12-1ubuntu0~16.04.18+tuxcare.els17_all.deb
  sha:e527d9b90af03226f668919583c099a3b2dd34db
- python2.7-minimal_2.7.12-1ubuntu0~16.04.18+tuxcare.els17_amd64.deb
  sha:77b68dff828fa169822a9380c4cc3ae6fe535d9e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections, please contact the CloudLinux Packaging Team.