Release date:
2026-06-10 09:06:47 UTC
Description:
* SECURITY UPDATE: tarfile module misinterprets AREGTYPE blocks as
DIRTYPE when processing GNU long name or link headers
- debian/patches/CVE-2025-13462.patch: add dircheck parameter to
frombuf() and fromtarfile() and pass dircheck=False from
_proc_gnulong() and _proc_pax() to prevent AREGTYPE-to-DIRTYPE
normalisation on follow-up headers in Lib/tarfile.py,
Lib/test/test_tarfile.py
- CVE-2025-13462
Updated packages:
-
idle-python2.7_2.7.18-1~20.04.7+tuxcare.els2_all.deb
sha:dbd0d751b000c9fe2ba712d3d71ece24e55edd06
-
libpython2.7_2.7.18-1~20.04.7+tuxcare.els2_amd64.deb
sha:6738a7c122670eba7422158e001edb9e30f26a8b
-
libpython2.7-dev_2.7.18-1~20.04.7+tuxcare.els2_amd64.deb
sha:d7ae3160537310897825bcaba8d1860e002914f5
-
libpython2.7-minimal_2.7.18-1~20.04.7+tuxcare.els2_amd64.deb
sha:e4262d3c95fdb1f329f3ffdaeec0af4fc72fabac
-
libpython2.7-stdlib_2.7.18-1~20.04.7+tuxcare.els2_amd64.deb
sha:063a34a9e9ff9b6ae27646ea7ec8457cc61ef994
-
libpython2.7-testsuite_2.7.18-1~20.04.7+tuxcare.els2_all.deb
sha:1cd47483de64b96056d6f9ebcdd596378ccaa05e
-
python2.7_2.7.18-1~20.04.7+tuxcare.els2_amd64.deb
sha:00c291f6a414b4a72237dee2f20da78fa3f0b5fe
-
python2.7-dev_2.7.18-1~20.04.7+tuxcare.els2_amd64.deb
sha:891e9213db7bffedca989823f1616b4161b99228
-
python2.7-doc_2.7.18-1~20.04.7+tuxcare.els2_all.deb
sha:42b9ffe95ea1fa8369f50f456e84c3489943fa4e
-
python2.7-examples_2.7.18-1~20.04.7+tuxcare.els2_all.deb
sha:bd70c2563bb1dd517f235900f28c511ba036f0d7
-
python2.7-minimal_2.7.18-1~20.04.7+tuxcare.els2_amd64.deb
sha:0d820e76ff2957db39e64f8e8b4bd20c631df402
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
