{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "- CVE-2026-1299: reject email header values containing newlines not followed by\n  whitespace to prevent header injection and info leak via the buffer protocol\n- CVE-2024-6923: ensure email headers are encoded and verified correctly,\n  raising exceptions for malformed input to prevent processing of invalid or dangerous headers",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771925958",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771925958"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.5els/advisories/2026/clsa-2026_1771925958.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-02-24T09:40:03Z",
      "generator": {
        "date": "2026-02-24T09:40:03Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2026:1771925958",
      "initial_release_date": "2026-02-24T09:40:03Z",
      "revision_history": [
        {
          "date": "2026-02-24T09:40:03Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "python2: Fix of 2 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Community Enterprise Operating System 8.5",
                "product": {
                  "name": "Community Enterprise Operating System 8.5",
                  "product_id": "CentOS-8.5",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:centos:centos:8.5:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Community Enterprise Operating System"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python27:2.7:8050020260224024624:182f7c73",
                "product": {
                  "name": "python27:2.7:8050020260224024624:182f7c73",
                  "product_id": "python27:2.7:8050020260224024624:182f7c73",
                  "product_identification_helper": {
                    "purl": "pkg:rpmmod/cloudlinux/python27@2.7:8050020260224024624:182f7c73"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python2-tools-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                "product": {
                  "name": "python2-tools-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                  "product_id": "python2-tools-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/python2-tools@2.7.18-7.module_el8.5.0%2B2354%2B0d350335.tuxcare.els17?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python2-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                "product": {
                  "name": "python2-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                  "product_id": "python2-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/python2@2.7.18-7.module_el8.5.0%2B2354%2B0d350335.tuxcare.els17?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python2-debug-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                "product": {
                  "name": "python2-debug-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                  "product_id": "python2-debug-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/python2-debug@2.7.18-7.module_el8.5.0%2B2354%2B0d350335.tuxcare.els17?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python2-devel-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                "product": {
                  "name": "python2-devel-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                  "product_id": "python2-devel-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/python2-devel@2.7.18-7.module_el8.5.0%2B2354%2B0d350335.tuxcare.els17?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python2-test-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                "product": {
                  "name": "python2-test-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                  "product_id": "python2-test-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/python2-test@2.7.18-7.module_el8.5.0%2B2354%2B0d350335.tuxcare.els17?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python2-tkinter-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                "product": {
                  "name": "python2-tkinter-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                  "product_id": "python2-tkinter-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/python2-tkinter@2.7.18-7.module_el8.5.0%2B2354%2B0d350335.tuxcare.els17?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python2-libs-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                "product": {
                  "name": "python2-libs-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                  "product_id": "python2-libs-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/python2-libs@2.7.18-7.module_el8.5.0%2B2354%2B0d350335.tuxcare.els17?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "CloudLinux"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python27:2.7:8050020260224024624:182f7c73 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:python27:2.7:8050020260224024624:182f7c73"
        },
        "product_reference": "python27:2.7:8050020260224024624:182f7c73",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-tools-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:python2-tools-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64"
        },
        "product_reference": "python2-tools-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:python2-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64"
        },
        "product_reference": "python2-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-debug-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:python2-debug-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64"
        },
        "product_reference": "python2-debug-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-devel-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:python2-devel-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64"
        },
        "product_reference": "python2-devel-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-test-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:python2-test-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64"
        },
        "product_reference": "python2-test-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-tkinter-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:python2-tkinter-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64"
        },
        "product_reference": "python2-tkinter-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-libs-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:python2-libs-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64"
        },
        "product_reference": "python2-libs-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-6923",
      "notes": [
        {
          "category": "description",
          "text": "There is a MEDIUM severity vulnerability affecting CPython.\nThe email module didn’t properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:python2-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
          "CentOS-8.5:python2-debug-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
          "CentOS-8.5:python2-devel-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
          "CentOS-8.5:python2-libs-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
          "CentOS-8.5:python2-test-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
          "CentOS-8.5:python2-tkinter-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
          "CentOS-8.5:python2-tools-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
          "CentOS-8.5:python27:2.7:8050020260224024624:182f7c73"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-6923"
        }
      ],
      "release_date": "2024-08-01T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-24T09:39:21.631386Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771925958",
          "product_ids": [
            "CentOS-8.5:python2-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-debug-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-devel-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-libs-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-test-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-tkinter-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-tools-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python27:2.7:8050020260224024624:182f7c73"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771925958"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:python2-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-debug-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-devel-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-libs-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-test-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-tkinter-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-tools-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python27:2.7:8050020260224024624:182f7c73"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2026-1299",
      "cwe": {
        "id": "CWE-93",
        "name": "Improper Neutralization of CRLF Sequences ('CRLF Injection')"
      },
      "notes": [
        {
          "category": "description",
          "text": "The email module, specifically the \"BytesGenerator\" class, didn’t properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized. This is only applicable if using \"LiteralHeader\" to write headers that don't respect email folding rules; the new behavior will reject the incorrectly folded headers in \"BytesGenerator\".",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:python2-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
          "CentOS-8.5:python2-debug-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
          "CentOS-8.5:python2-devel-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
          "CentOS-8.5:python2-libs-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
          "CentOS-8.5:python2-test-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
          "CentOS-8.5:python2-tkinter-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
          "CentOS-8.5:python2-tools-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
          "CentOS-8.5:python27:2.7:8050020260224024624:182f7c73"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-1299"
        }
      ],
      "release_date": "2026-01-23T16:27:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-24T09:39:21.631386Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771925958",
          "product_ids": [
            "CentOS-8.5:python2-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-debug-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-devel-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-libs-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-test-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-tkinter-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-tools-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python27:2.7:8050020260224024624:182f7c73"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771925958"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:python2-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-debug-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-devel-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-libs-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-test-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-tkinter-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python2-tools-0:2.7.18-7.module_el8.5.0+2354+0d350335.tuxcare.els17.x86_64",
            "CentOS-8.5:python27:2.7:8050020260224024624:182f7c73"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    }
  ]
}