[CLSA-2026:1781342809] Fix CVE(s): CVE-2025-13462, CVE-2026-0672, CVE-2026-3644, CVE-2026-4224
Type:
security
Severity:
Important
Release date:
2026-06-13 09:27:31 UTC
Description:
  * SECURITY UPDATE: C stack overflow (DoS) in pyexpat when parsing deeply nested DTD content models
    - debian/patches/CVE-2026-4224.patch: guard conv_content_model() in Modules/pyexpat.c with Py_EnterRecursiveCall/Py_LeaveRecursiveCall to bound recursion when a registered ElementDeclHandler converts a deeply nested content model.
    - CVE-2026-4224
  * SECURITY UPDATE: HTTP header injection via control characters in cookies
    - debian/patches/CVE-2026-0672.patch: reject control characters in Morsel.__setitem__()/set(), add a validating Morsel.setdefault() override, and guard BaseCookie.output() in Lib/Cookie.py.
    - CVE-2026-0672
  * SECURITY UPDATE: incomplete fix for CVE-2026-0672 (control characters in cookies via additional Morsel paths)
    - debian/patches/CVE-2026-3644.patch: add a validating Morsel.update() override and reject control characters in Morsel.js_output() in Lib/Cookie.py.
    - CVE-2026-3644
  * SECURITY UPDATE: tarfile member type confusion (regular file parsed as directory) via GNU long name/link headers
    - debian/patches/CVE-2025-13462.patch: skip the AREGTYPE->DIRTYPE normalization while reading GNU LONGNAME/LONGLINK and PAX follow-up headers (dircheck=False) in Lib/tarfile.py.
    - CVE-2025-13462
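Added example, not part of the advisory or of the patches it lists: an application-side check for the two cookie issues above (CVE-2026-0672, CVE-2026-3644) that validates fields before they reach Morsel and scans the stored state again before headers are emitted, so it does not depend on which Morsel method wrote a field. The helper names and the definition of a control character (0x00-0x1F and 0x7F) are assumptions of this example.

```python
# Added example: application-side guard, not the CVE-2026-0672/3644 patch itself.
try:
    from http.cookies import SimpleCookie   # Python 3
except ImportError:
    from Cookie import SimpleCookie         # Python 2.7, the interpreter this advisory patches

def has_ctl(text):
    # Assumption: "control character" means C0 controls (0x00-0x1F) and DEL (0x7F).
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in str(text))

def set_cookie_checked(cookie, name, value, **attrs):
    """Validate every field before it reaches Morsel, then set it."""
    for label, field in [("name", name), ("value", value)] + sorted(attrs.items()):
        if has_ctl(field):
            raise ValueError("control character in cookie %s" % label)
    cookie[name] = value
    for attr, attr_value in attrs.items():
        cookie[name][attr] = attr_value
    return cookie

def dirty_fields(cookie):
    """Sink-side check: scan the final state, whichever Morsel method wrote it."""
    found = []
    for name, morsel in cookie.items():
        fields = [("key", morsel.key), ("coded_value", morsel.coded_value)]
        fields += sorted(morsel.items())
        found += [(name, label) for label, field in fields if has_ctl(field)]
    return found

def render_headers(cookie):
    """Refuse to emit Set-Cookie lines if any stored field has a control character."""
    bad = dirty_fields(cookie)
    if bad:
        raise ValueError("refusing to emit cookie headers: %r" % (bad,))
    return cookie.output()

if __name__ == "__main__":
    jar = set_cookie_checked(SimpleCookie(), "session", "abc123", path="/")
    print(render_headers(jar))
    try:  # constructed bad input: CR/LF inside a cookie attribute
        set_cookie_checked(SimpleCookie(), "session", "abc123",
                           path="/\r\nX-Constructed: 1")
    except ValueError as exc:
        print("rejected: %s" % exc)
```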
Updated packages:
  • idle-python2.7_2.7.12-1ubuntu0~16.04.18+tuxcare.els19_all.deb
    sha:4ed4a322bc4c06ee4202edd8d5e176a4b6ca2ddc
  • libpython2.7_2.7.12-1ubuntu0~16.04.18+tuxcare.els19_amd64.deb
    sha:1f5d06e21b4a10b0cec4fcb3da6256f8cf64afab
  • libpython2.7-dev_2.7.12-1ubuntu0~16.04.18+tuxcare.els19_amd64.deb
    sha:6aa1e9cd24d69910e15e43419dcdc74b34ef3ad5
  • libpython2.7-minimal_2.7.12-1ubuntu0~16.04.18+tuxcare.els19_amd64.deb
    sha:8b7f645752313336961d85d2bfcdefc5bc5e01c5
  • libpython2.7-stdlib_2.7.12-1ubuntu0~16.04.18+tuxcare.els19_amd64.deb
    sha:131196086998082c577b64253e122f82883fa743
  • libpython2.7-testsuite_2.7.12-1ubuntu0~16.04.18+tuxcare.els19_all.deb
    sha:7a882bc6b4c8b99846efa375507307eef15a41cf
  • python2.7_2.7.12-1ubuntu0~16.04.18+tuxcare.els19_amd64.deb
    sha:b97ba611602e408b5db9676706cc54dcbfcd07f8
  • python2.7-dev_2.7.12-1ubuntu0~16.04.18+tuxcare.els19_amd64.deb
    sha:a169fc20f223fc72fef9910cdc56fd5ac136ba08
  • python2.7-doc_2.7.12-1ubuntu0~16.04.18+tuxcare.els19_all.deb
    sha:00926618f7cf263dbd718c621e695ea1cb76d1d3
  • python2.7-examples_2.7.12-1ubuntu0~16.04.18+tuxcare.els19_all.deb
    sha:a8fba2b1d44380df3def44bfd7a958a1039bdf78
  • python2.7-minimal_2.7.12-1ubuntu0~16.04.18+tuxcare.els19_amd64.deb
    sha:a26f220fad2bec9f042f49e45e978adccee5d29d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.