{ "document": { "aggregate_severity": { "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2025-8291: fix zipfile ZIP64 EOCD Locator offset validation\n- CVE-2025-6069: fix quadratic complexity in HTMLParser\n- CVE-2025-4516: fix use-after-free in unicode-escape decoder with error handler\n- CVE-2026-2297: ensure SourcelessFileLoader uses io.open_code\n- CVE-2026-3479: reject invalid resource arguments in pkgutil.get_data()\n- CVE-2025-1795: fix email header list separator incorrectly encoded during\n folding\n- CVE-2026-0672: reject control characters in http cookies\n- CVE-2025-15282: reject control characters in data URL mediatypes\n- CVE-2026-3644: reject control characters in http.cookies.Morsel.update(), |=,\n unpickling, and js_output()\n- CVE-2026-4224: avoid unbound C recursion in conv_content_model in pyexpat.c\n- CVE-2025-11468: preserve parens when folding email comments to prevent header\n injection", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2026/clsa-2026_1776330599.json" } ], "tracking": { "current_release_date": "2026-04-16T09:13:33Z", "generator": { "date": "2026-04-16T09:13:33Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1776330599", "initial_release_date": "2026-04-16T09:13:33Z", "revision_history": [ { "date": "2026-04-16T09:13:33Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "python3.9: Fix of 11 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product": { "name": "python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product_id": "python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-debug@3.9.16-1.el9_2.2.tuxcare.els22?arch=i686" } } }, { "category": "product_version", "name": "python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product": { "name": "python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product_id": "python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-tkinter@3.9.16-1.el9_2.2.tuxcare.els22?arch=i686" } } }, { "category": "product_version", "name": "python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product": { "name": "python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product_id": "python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-libs@3.9.16-1.el9_2.2.tuxcare.els22?arch=i686" } } }, { "category": "product_version", "name": "python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product": { "name": "python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product_id": "python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-test@3.9.16-1.el9_2.2.tuxcare.els22?arch=i686" } } }, { "category": "product_version", "name": "python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product": { "name": "python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product_id": "python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-idle@3.9.16-1.el9_2.2.tuxcare.els22?arch=i686" } } }, { "category": "product_version", "name": "python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product": { "name": "python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product_id": "python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3@3.9.16-1.el9_2.2.tuxcare.els22?arch=i686" } } }, { "category": "product_version", "name": "python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product": { "name": "python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product_id": "python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-devel@3.9.16-1.el9_2.2.tuxcare.els22?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product": { "name": "python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product_id": "python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-debug@3.9.16-1.el9_2.2.tuxcare.els22?arch=x86_64" } } }, { "category": "product_version", "name": "python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product": { "name": "python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product_id": "python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-tkinter@3.9.16-1.el9_2.2.tuxcare.els22?arch=x86_64" } } }, { "category": "product_version", "name": "python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product": { "name": "python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product_id": "python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-libs@3.9.16-1.el9_2.2.tuxcare.els22?arch=x86_64" } } }, { "category": "product_version", "name": "python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product": { "name": "python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product_id": "python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-test@3.9.16-1.el9_2.2.tuxcare.els22?arch=x86_64" } } }, { "category": "product_version", "name": "python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product": { "name": "python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product_id": "python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-idle@3.9.16-1.el9_2.2.tuxcare.els22?arch=x86_64" } } }, { "category": "product_version", "name": "python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product": { "name": "python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product_id": "python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3@3.9.16-1.el9_2.2.tuxcare.els22?arch=x86_64" } } }, { "category": "product_version", "name": "python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product": { "name": "python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product_id": "python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-devel@3.9.16-1.el9_2.2.tuxcare.els22?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "product": { "name": "python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "product_id": "python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python-unversioned-command@3.9.16-1.el9_2.2.tuxcare.els22?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686" }, "product_reference": "python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" }, "product_reference": "python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686" }, "product_reference": "python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" }, "product_reference": "python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686" }, "product_reference": "python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" }, "product_reference": "python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686" }, "product_reference": "python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" }, "product_reference": "python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" }, "product_reference": "python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686" }, "product_reference": "python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" }, "product_reference": "python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686" }, "product_reference": "python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch" }, "product_reference": "python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" }, "product_reference": "python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686" }, "product_reference": "python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-4516", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-4516" } ], "release_date": "2025-05-15T13:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-16T09:10:05.552368Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599", "product_ids": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-15282", "cwe": { "id": "CWE-93", "name": "Improper Neutralization of CRLF Sequences ('CRLF Injection')" }, "notes": [ { "category": "description", "text": "User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-15282" } ], "release_date": "2026-01-20T21:35:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-16T09:10:05.552368Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599", "product_ids": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2026-3644", "cwe": { "id": "CWE-791", "name": "Incomplete Filtering of Special Elements" }, "notes": [ { "category": "description", "text": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-3644" } ], "release_date": "2026-03-16T17:37:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-16T09:10:05.552368Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599", "product_ids": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2026-2297", "cwe": { "id": "CWE-778", "name": "Insufficient Logging" }, "notes": [ { "category": "description", "text": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-2297" } ], "release_date": "2026-03-04T22:10:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-16T09:10:05.552368Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599", "product_ids": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2026-3479", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" }, "notes": [ { "category": "description", "text": "pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-3479" } ], "release_date": "2026-03-18T18:13:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-16T09:10:05.552368Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599", "product_ids": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2026-4224", "cwe": { "id": "CWE-805", "name": "Buffer Access with Incorrect Length Value" }, "notes": [ { "category": "description", "text": "When an Expat parser with a registered ElementDeclHandler parses an inline\ndocument type definition containing a deeply nested content model a C stack\noverflow occurs.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-4224" } ], "release_date": "2026-03-16T17:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-16T09:10:05.552368Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599", "product_ids": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2026-0672", "cwe": { "id": "CWE-93", "name": "Improper Neutralization of CRLF Sequences ('CRLF Injection')" }, "notes": [ { "category": "description", "text": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-0672" } ], "release_date": "2026-01-20T21:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-16T09:10:05.552368Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599", "product_ids": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-8291", "cwe": { "id": "CWE-130", "name": "Improper Handling of Length Parameter Inconsistency" }, "notes": [ { "category": "description", "text": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-8291" } ], "release_date": "2025-10-07T18:10:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-16T09:10:05.552368Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599", "product_ids": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-6069", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "notes": [ { "category": "description", "text": "The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-6069" } ], "release_date": "2025-06-17T13:39:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-16T09:10:05.552368Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599", "product_ids": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-1795", "cwe": { "id": "CWE-168", "name": "Improper Handling of Inconsistent Special Elements" }, "notes": [ { "category": "description", "text": "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-1795" } ], "release_date": "2025-02-28T18:59:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-16T09:10:05.552368Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599", "product_ids": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-11468", "cwe": { "id": "CWE-140", "name": "Improper Neutralization of Delimiters" }, "notes": [ { "category": "description", "text": "When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-11468" } ], "release_date": "2026-01-20T21:09:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-16T09:10:05.552368Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599", "product_ids": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776330599" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:python-unversioned-command-0:3.9.16-1.el9_2.2.tuxcare.els22.noarch", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-debug-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-devel-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-idle-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-libs-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-test-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.i686", "AlmaLinux-9.2:python3-tkinter-0:3.9.16-1.el9_2.2.tuxcare.els22.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }