Release date: 2026-05-22 15:32:22 UTC
Description:
- CVE-2026-4224: Modules/pyexpat.c conv_content_model could overflow the
C stack when an Expat parser with a registered ElementDeclHandler
parsed a deeply nested DTD content model, causing a denial of service.
Wrap conv_content_model with Py_EnterRecursiveCall so that deep nesting
raises RuntimeError instead of crashing the interpreter.
- CVE-2026-0672 + CVE-2026-3644: Lib/Cookie.py Morsel accepted control
characters in reserved-attribute values, in key/value/coded_value
via .set(), and via the inherited dict.update() / pickle restoration
paths, allowing newline-based HTTP header injection via Set-Cookie.
Add a _has_control_character helper and validate in Morsel.__setitem__,
.setdefault, .set, an explicit .update and an explicit .__setstate__, and
re-validate the assembled output in Morsel.js_output and
BaseCookie.output (defence in depth against direct attribute mutation).
The py3 __ior__ hunk is not ported (the py2 dict has no `|=` operator).
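To illustrate why the Cookie.py fix validates on every write path rather than only in .set(), here is an added example (not the CloudLinux or CPython patch) with a hypothetical SafeMorsel dict subclass: dict.update() and pickle restoration bypass a subclass __setitem__ unless overridden, and direct attribute assignment bypasses set(), so the assembled header is checked once more at output time. The regex, class and function names are assumptions for the example.

```python
import re

# Any ASCII control character (0x00-0x1F, 0x7F) in an attribute or value
# would let a CR/LF end the Set-Cookie header line early.
_CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")

def has_control_character(text):
    return _CONTROL_RE.search(str(text)) is not None

def _check(value, what):
    if has_control_character(value):
        raise ValueError("control character in cookie %s: %r" % (what, value))

class SafeMorsel(dict):
    key = value = coded_value = ""
    # dict.update() and pickle restoration bypass a subclass __setitem__
    # unless overridden explicitly, so each path gets its own check.
    def __setitem__(self, k, v):
        _check(k, "attribute name")
        _check(v, "attribute value")
        super().__setitem__(k, v)

    def setdefault(self, k, v=None):
        _check(k, "attribute name")
        _check(v, "attribute value")
        return super().setdefault(k, v)

    def update(self, *args, **kwargs):
        for k, v in dict(*args, **kwargs).items():
            self[k] = v

    def __setstate__(self, state):
        # pickle restores key/value/coded_value through this path
        for what, v in state.items():
            _check(v, what)
        self.__dict__.update(state)

    def set(self, key, value, coded_value):
        for what, v in (("key", key), ("value", value), ("coded_value", coded_value)):
            _check(v, what)
        self.key, self.value, self.coded_value = key, value, coded_value

    def output(self):
        header = "Set-Cookie: %s=%s" % (self.key, self.coded_value)
        for k, v in sorted(self.items()):
            header += "; %s=%s" % (k, v)
        # Defence in depth: m.value = ... skips set(), so revalidate the line.
        _check(header, "output")
        return header
```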
Updated packages:
- alt-python27-2.7.18-32.el9.x86_64.rpm
  sha:9fc18ce7c1a51d36e6f94bba824d4bde3156b9092da35306df44b780b9d44f98
- alt-python27-debug-2.7.18-32.el9.x86_64.rpm
  sha:700703850e541f4a84dca68518cb0e1f1a6a076576d2f94d664712de4c1d9a5e
- alt-python27-devel-2.7.18-32.el9.x86_64.rpm
  sha:cffc69818360851d0bd26fced700b2b4e0eb0b49a195d0bc4c0dd845dcf15944
- alt-python27-libs-2.7.18-32.el9.x86_64.rpm
  sha:c84c3d06350a5bab7c7f35b9d057278fbf91732d2b9b4495a776fc6444a1d8b0
- alt-python27-test-2.7.18-32.el9.x86_64.rpm
  sha:5343dc39197f8ff371dab5034f8aa9002327da14c4f0ded21a4e1b9405d452c3
- alt-python27-tkinter-2.7.18-32.el9.x86_64.rpm
  sha:77d0622a1886840ef64f69c4eff89f056c04fb2113b7340c5284f3584b8dc881
- alt-python27-tools-2.7.18-32.el9.x86_64.rpm
  sha:ed5460ebbeda185d4a8840c07529158057c7df70f6b60a41693cec213a67f322
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.