{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "* SECURITY UPDATE: defect in 'tarfile' module leads to infinite loop and\n deadlock in parsing of maliciously crafted tar archives\n - debian/patches/CVE-2025-8194.patch: Validate archives to ensure member\n offsets are non-negative\n - CVE-2025-8194", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1772701743", "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1772701743" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_alt_python/ubuntu22.04/advisories/2026/clsa-2026_1772701743.json" } ], "tracking": { "current_release_date": "2026-03-05T09:10:41Z", "generator": { "date": "2026-03-05T09:10:41Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1772701743", "initial_release_date": "2026-03-05T09:10:41Z", "revision_history": [ { "date": "2026-03-05T09:10:41Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "Fix CVE(s): CVE-2025-8194" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ubuntu 22.04", "product": { "name": "Ubuntu 22.04", "product_id": "Ubuntu-22", "product_identification_helper": { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*" } } } ], "category": "product_family", "name": "Ubuntu" } ], "category": "vendor", "name": "Canonical Ltd." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "alt-python27-tkinter-0:2.7.18-11.amd64", "product": { "name": "alt-python27-tkinter-0:2.7.18-11.amd64", "product_id": "alt-python27-tkinter-0:2.7.18-11.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/alt-python27-tkinter@2.7.18-11?arch=amd64&os_name=ubuntu&os_version=22.04" } } }, { "category": "product_version", "name": "alt-python27-devel-0:2.7.18-11.amd64", "product": { "name": "alt-python27-devel-0:2.7.18-11.amd64", "product_id": "alt-python27-devel-0:2.7.18-11.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/alt-python27-devel@2.7.18-11?arch=amd64&os_name=ubuntu&os_version=22.04" } } }, { "category": "product_version", "name": "alt-python27-debug-0:2.7.18-11.amd64", "product": { "name": "alt-python27-debug-0:2.7.18-11.amd64", "product_id": "alt-python27-debug-0:2.7.18-11.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/alt-python27-debug@2.7.18-11?arch=amd64&os_name=ubuntu&os_version=22.04" } } }, { "category": "product_version", "name": "alt-python27-idle-0:2.7.18-11.amd64", "product": { "name": "alt-python27-idle-0:2.7.18-11.amd64", "product_id": "alt-python27-idle-0:2.7.18-11.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/alt-python27-idle@2.7.18-11?arch=amd64&os_name=ubuntu&os_version=22.04" } } }, { "category": "product_version", "name": "alt-python27-test-0:2.7.18-11.amd64", "product": { "name": "alt-python27-test-0:2.7.18-11.amd64", "product_id": "alt-python27-test-0:2.7.18-11.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/alt-python27-test@2.7.18-11?arch=amd64&os_name=ubuntu&os_version=22.04" } } }, { "category": "product_version", "name": "alt-python27-libs-0:2.7.18-11.amd64", "product": { "name": "alt-python27-libs-0:2.7.18-11.amd64", "product_id": "alt-python27-libs-0:2.7.18-11.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/alt-python27-libs@2.7.18-11?arch=amd64&os_name=ubuntu&os_version=22.04" } } }, { "category": "product_version", "name": "alt-python27-0:2.7.18-11.amd64", "product": { "name": "alt-python27-0:2.7.18-11.amd64", "product_id": "alt-python27-0:2.7.18-11.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/alt-python27@2.7.18-11?arch=amd64&os_name=ubuntu&os_version=22.04" } } }, { "category": "product_version", "name": "alt-python27-tools-0:2.7.18-11.amd64", "product": { "name": "alt-python27-tools-0:2.7.18-11.amd64", "product_id": "alt-python27-tools-0:2.7.18-11.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/alt-python27-tools@2.7.18-11?arch=amd64&os_name=ubuntu&os_version=22.04" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "alt-python27-tkinter-0:2.7.18-11.amd64 as a component of Ubuntu 22.04", "product_id": "Ubuntu-22:alt-python27-tkinter-0:2.7.18-11.amd64" }, "product_reference": "alt-python27-tkinter-0:2.7.18-11.amd64", "relates_to_product_reference": "Ubuntu-22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python27-devel-0:2.7.18-11.amd64 as a component of Ubuntu 22.04", "product_id": "Ubuntu-22:alt-python27-devel-0:2.7.18-11.amd64" }, "product_reference": "alt-python27-devel-0:2.7.18-11.amd64", "relates_to_product_reference": "Ubuntu-22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python27-debug-0:2.7.18-11.amd64 as a component of Ubuntu 22.04", "product_id": "Ubuntu-22:alt-python27-debug-0:2.7.18-11.amd64" }, "product_reference": "alt-python27-debug-0:2.7.18-11.amd64", "relates_to_product_reference": "Ubuntu-22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python27-idle-0:2.7.18-11.amd64 as a component of Ubuntu 22.04", "product_id": "Ubuntu-22:alt-python27-idle-0:2.7.18-11.amd64" }, "product_reference": "alt-python27-idle-0:2.7.18-11.amd64", "relates_to_product_reference": "Ubuntu-22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python27-test-0:2.7.18-11.amd64 as a component of Ubuntu 22.04", "product_id": "Ubuntu-22:alt-python27-test-0:2.7.18-11.amd64" }, "product_reference": "alt-python27-test-0:2.7.18-11.amd64", "relates_to_product_reference": "Ubuntu-22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python27-libs-0:2.7.18-11.amd64 as a component of Ubuntu 22.04", "product_id": "Ubuntu-22:alt-python27-libs-0:2.7.18-11.amd64" }, "product_reference": "alt-python27-libs-0:2.7.18-11.amd64", "relates_to_product_reference": "Ubuntu-22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python27-0:2.7.18-11.amd64 as a component of Ubuntu 22.04", "product_id": "Ubuntu-22:alt-python27-0:2.7.18-11.amd64" }, "product_reference": "alt-python27-0:2.7.18-11.amd64", "relates_to_product_reference": "Ubuntu-22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python27-tools-0:2.7.18-11.amd64 as a component of Ubuntu 22.04", "product_id": "Ubuntu-22:alt-python27-tools-0:2.7.18-11.amd64" }, "product_reference": "alt-python27-tools-0:2.7.18-11.amd64", "relates_to_product_reference": "Ubuntu-22" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-8194", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition ('Infinite Loop')" }, "notes": [ { "category": "description", "text": "There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \nThis vulnerability can be mitigated by including the following patch after importing the “tarfile” module:  https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-22:alt-python27-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-debug-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-devel-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-idle-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-libs-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-test-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-tkinter-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-tools-0:2.7.18-11.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2025-8194" } ], "release_date": "2025-07-28T18:42:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-05T09:09:06.289572Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1772701743", "product_ids": [ "Ubuntu-22:alt-python27-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-debug-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-devel-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-idle-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-libs-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-test-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-tkinter-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-tools-0:2.7.18-11.amd64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1772701743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-22:alt-python27-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-debug-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-devel-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-idle-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-libs-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-test-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-tkinter-0:2.7.18-11.amd64", "Ubuntu-22:alt-python27-tools-0:2.7.18-11.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }