[CLSA-2026:1779886202] python3.9: Fix of 4 CVEs
Type:
security
Severity:
Moderate
Release date:
2026-05-27 14:06:00 UTC
Description:
- CVE-2026-0672: reject control characters in http.cookies.Morsel keys/values - CVE-2026-3644: extend control-character rejection to Morsel.update(), |=, and __setstate__ - CVE-2026-4224: avoid unbound C recursion in pyexpat conv_content_model for deeply nested DTDs - CVE-2026-1502: reject CR/LF in HTTP tunnel request headers and tunnel host
Updated packages:
  • python-unversioned-command-3.9.21-2.el9_6.2.tuxcare.els9.noarch.rpm
    sha:2a8800c3473a8fc7b964f880c7c44181c46ea131478fc323ea490e3e870323bd
  • python3-3.9.21-2.el9_6.2.tuxcare.els9.i686.rpm
    sha:d3ea85b152339cddc2ee45517f5d7e8b567f04ad2d87ee0e1878183b6b9d8f5d
  • python3-3.9.21-2.el9_6.2.tuxcare.els9.x86_64.rpm
    sha:dccc607d97c43f596c8030f08acd178214c37c485a0fe3e732e6aff82ea7d0ab
  • python3-debug-3.9.21-2.el9_6.2.tuxcare.els9.i686.rpm
    sha:db8e90e763dc9ebd2411e4e1dc3096fd4d3b70441d62f878c45e14f095a2d074
  • python3-debug-3.9.21-2.el9_6.2.tuxcare.els9.x86_64.rpm
    sha:4324a2fbeba788494fcbc4f10f445f704472e14f1a517e4c72dbd2e624b995a9
  • python3-devel-3.9.21-2.el9_6.2.tuxcare.els9.i686.rpm
    sha:daff54954ff54edae8d7dbb8ff29abb88423ed3247dd729de8ae9dcedce08c2e
  • python3-devel-3.9.21-2.el9_6.2.tuxcare.els9.x86_64.rpm
    sha:1477b5d978f3b5556b36699bbf7471e430b97b513ee002495f1225a8afc2c715
  • python3-idle-3.9.21-2.el9_6.2.tuxcare.els9.i686.rpm
    sha:796113680282ffc41afb19f29c12c495cb3a571697c8036d07bb0596711c8aa6
  • python3-idle-3.9.21-2.el9_6.2.tuxcare.els9.x86_64.rpm
    sha:a77abc45ed2c37d99cc80a2a265763fb46ee3f567cf967cbcf05405490da98c0
  • python3-libs-3.9.21-2.el9_6.2.tuxcare.els9.i686.rpm
    sha:55938c06df287a38fe0d94e6358824e8aff56ec9485586c6c0416ffb3deb920c
  • python3-libs-3.9.21-2.el9_6.2.tuxcare.els9.x86_64.rpm
    sha:0a5705721272341db22a0a17ec96b4f5817a0380a9a7b11aa2881a5e69b857ea
  • python3-test-3.9.21-2.el9_6.2.tuxcare.els9.i686.rpm
    sha:d4303ac5314ff341eb1106c1a2f54b082e54356f6b2bf593a7b08acdcda8116e
  • python3-test-3.9.21-2.el9_6.2.tuxcare.els9.x86_64.rpm
    sha:be9bfc25b6b57d865c33d70c63253d9cc0d96af076c7435d600dba2080df11a4
  • python3-tkinter-3.9.21-2.el9_6.2.tuxcare.els9.i686.rpm
    sha:1073c10a4fcc203021a62c982bd3e258960544f23b67f8930d8c87f2212062d8
  • python3-tkinter-3.9.21-2.el9_6.2.tuxcare.els9.x86_64.rpm
    sha:d524fdab4b0cca31eb07391310c75c13af23b99f3806b4cc6530864d8564a505
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.