{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2025-15366: reject control characters in IMAP commands\n- CVE-2026-1299: email: verify headers are sound in BytesGenerator", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773222843", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773222843" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos-stream8els/advisories/2026/clsa-2026_1773222843.json" } ], "tracking": { "current_release_date": "2026-03-11T09:55:20Z", "generator": { "date": "2026-03-11T09:55:20Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1773222843", "initial_release_date": "2026-03-11T09:55:20Z", "revision_history": [ { "date": "2026-03-11T09:55:20Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "python3: Fix of 2 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8", "product": { "name": "Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product": { "name": "python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_id": "python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-idle@3.6.8-62.el8.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product": { "name": "python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_id": "python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-tkinter@3.6.8-62.el8.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product": { "name": "python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_id": "python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-devel@3.6.8-62.el8.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product": { "name": "python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_id": "python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-test@3.6.8-62.el8.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product": { "name": "platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_id": "platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/platform-python-debug@3.6.8-62.el8.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product": { "name": "platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_id": "platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/platform-python-devel@3.6.8-62.el8.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product": { "name": "platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_id": "platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/platform-python@3.6.8-62.el8.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product": { "name": "python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_id": "python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-libs@3.6.8-62.el8.tuxcare.els6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "product": { "name": "python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "product_id": "python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-idle@3.6.8-62.el8.tuxcare.els6?arch=i686" } } }, { "category": "product_version", "name": "python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "product": { "name": "python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "product_id": "python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-tkinter@3.6.8-62.el8.tuxcare.els6?arch=i686" } } }, { "category": "product_version", "name": "python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "product": { "name": "python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "product_id": "python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-test@3.6.8-62.el8.tuxcare.els6?arch=i686" } } }, { "category": "product_version", "name": "platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "product": { "name": "platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "product_id": "platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/platform-python-debug@3.6.8-62.el8.tuxcare.els6?arch=i686" } } }, { "category": "product_version", "name": "platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "product": { "name": "platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "product_id": "platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/platform-python-devel@3.6.8-62.el8.tuxcare.els6?arch=i686" } } }, { "category": "product_version", "name": "platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "product": { "name": "platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "product_id": "platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/platform-python@3.6.8-62.el8.tuxcare.els6?arch=i686" } } }, { "category": "product_version", "name": "python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "product": { "name": "python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "product_id": "python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-libs@3.6.8-62.el8.tuxcare.els6?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64" }, "product_reference": "python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686" }, "product_reference": "python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686" }, "product_reference": "python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64" }, "product_reference": "python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64" }, "product_reference": "python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-test-0:3.6.8-62.el8.tuxcare.els6.i686 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.i686" }, "product_reference": "python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64" }, "product_reference": "python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64" }, "product_reference": "platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686" }, "product_reference": "platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686" }, "product_reference": "platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64" }, "product_reference": "platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "platform-python-0:3.6.8-62.el8.tuxcare.els6.i686 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.i686" }, "product_reference": "platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64" }, "product_reference": "platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686" }, "product_reference": "python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64" }, "product_reference": "python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "relates_to_product_reference": "CentOS-Stream-8" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-6232", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "notes": [ { "category": "description", "text": "There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-6232" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4", "url": "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06", "url": "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4", "url": "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d", "url": "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877", "url": "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf", "url": "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373", "url": "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/121285", "url": "https://github.com/python/cpython/issues/121285" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/121286", "url": "https://github.com/python/cpython/pull/121286" }, { "category": "external", "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/09/03/5", "url": "http://www.openwall.com/lists/oss-security/2024/09/03/5" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20241018-0007/", "url": "https://security.netapp.com/advisory/ntap-20241018-0007/" } ], "release_date": "2024-09-03T13:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-11T09:54:05.727309Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773222843", "product_ids": [ "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773222843" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-15366", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command ('Command Injection')" }, "notes": [ { "category": "description", "text": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-15366" } ], "release_date": "2026-01-20T21:40:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-11T09:54:05.727309Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773222843", "product_ids": [ "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773222843" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-1299", "cwe": { "id": "CWE-93", "name": "Improper Neutralization of CRLF Sequences ('CRLF Injection')" }, "notes": [ { "category": "description", "text": "The \nemail module, specifically the \"BytesGenerator\" class, didn’t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\nis serialized. This is only applicable if using \"LiteralHeader\" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in \"BytesGenerator\".", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-1299" } ], "release_date": "2026-01-23T16:27:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-11T09:54:05.727309Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773222843", "product_ids": [ "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773222843" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-9287", "cwe": { "id": "CWE-428", "name": "Unquoted Search Path or Element" }, "notes": [ { "category": "description", "text": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie \"./venv/bin/python\") are not affected.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-9287" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7", "url": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db", "url": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8", "url": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97", "url": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b", "url": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483", "url": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/124651", "url": "https://github.com/python/cpython/issues/124651" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/124712", "url": "https://github.com/python/cpython/pull/124712" }, { "category": "external", "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20250425-0006/", "url": "https://security.netapp.com/advisory/ntap-20250425-0006/" } ], "release_date": "2024-10-22T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-11T09:54:05.727309Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773222843", "product_ids": [ "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773222843" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-debug-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:platform-python-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-devel-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-idle-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-libs-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-test-0:3.6.8-62.el8.tuxcare.els6.x86_64", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.i686", "CentOS-Stream-8:python3-tkinter-0:3.6.8-62.el8.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }