[CLSA-2026:1776330599] python3.9: Fix of 11 CVEs
Type:
security
Severity:
('Moderate', ['ELSCVE-82085', 'ELSCVE-82083', 'ELSCVE-82082', 'ELSCVE-82047', 'ELSCVE-82014', 'ELSCVE-81997', 'ELSCVE-81928', 'ELSCVE-81854', 'ELSCVE-81797', 'ELSCVE-81793', 'ELSCVE-81785'])
Release date:
2026-04-16 09:10:08 UTC
Description:
- CVE-2025-8291: fix zipfile ZIP64 EOCD Locator offset validation - CVE-2025-6069: fix quadratic complexity in HTMLParser - CVE-2025-4516: fix use-after-free in unicode-escape decoder with error handler - CVE-2026-2297: ensure SourcelessFileLoader uses io.open_code - CVE-2026-3479: reject invalid resource arguments in pkgutil.get_data() - CVE-2025-1795: fix email header list separator incorrectly encoded during folding - CVE-2026-0672: reject control characters in http cookies - CVE-2025-15282: reject control characters in data URL mediatypes - CVE-2026-3644: reject control characters in http.cookies.Morsel.update(), |=, unpickling, and js_output() - CVE-2026-4224: avoid unbound C recursion in conv_content_model in pyexpat.c - CVE-2025-11468: preserve parens when folding email comments to prevent header injection
Updated packages:
  • python-unversioned-command-3.9.16-1.el9_2.2.tuxcare.els22.noarch.rpm
    sha:f4d636c91aef985ea797249b94d8e88429c0b9f021adc6af9b26ce8518652148
  • python3-3.9.16-1.el9_2.2.tuxcare.els22.i686.rpm
    sha:530b4ca93b385d2f0ae0a483f3820d5acb75913f124f1c7475ed634030ea6678
  • python3-3.9.16-1.el9_2.2.tuxcare.els22.x86_64.rpm
    sha:27f70346dc4a6564ad51f4bdba9011de32b99facc9b0b9e093261c90b5c24204
  • python3-debug-3.9.16-1.el9_2.2.tuxcare.els22.i686.rpm
    sha:ea11c700cd2e677bc563a3ee8b1e8b988e0f0aaa6524abfabb9d570419b70f80
  • python3-debug-3.9.16-1.el9_2.2.tuxcare.els22.x86_64.rpm
    sha:66da0617507edd2c48031374f707e09ad047b1617f2b1a20b6babcaa1f605159
  • python3-devel-3.9.16-1.el9_2.2.tuxcare.els22.i686.rpm
    sha:c0efa264d71c5feb0e764b0e5d789fb2ecc537565ce6239fab73b42bb833b9b1
  • python3-devel-3.9.16-1.el9_2.2.tuxcare.els22.x86_64.rpm
    sha:f2dfe6587fbd08dc262d16f9f089bcae90e2c976f1ec10fef4def9b8c6335561
  • python3-idle-3.9.16-1.el9_2.2.tuxcare.els22.i686.rpm
    sha:db990565314d3dded10117425464e3d9e8050631d6a19ae3ba9f19bd575bf3e7
  • python3-idle-3.9.16-1.el9_2.2.tuxcare.els22.x86_64.rpm
    sha:88866e79d59f3aed5bb5a706cce3ab9b010eceee2c181a83f1fd367137b63ab4
  • python3-libs-3.9.16-1.el9_2.2.tuxcare.els22.i686.rpm
    sha:a2510b6867eb46b9971e34465e19efc0bf1c18de0f4e25c47f6bbbd456d55bf8
  • python3-libs-3.9.16-1.el9_2.2.tuxcare.els22.x86_64.rpm
    sha:737de80202b18ffe962196ef5ce32712f86c19dce870187502d291537420a9f0
  • python3-test-3.9.16-1.el9_2.2.tuxcare.els22.i686.rpm
    sha:aff2f832a462aae828ab61fd0cec0a42ee647b818ff1a9d5224cccb52b6d1644
  • python3-test-3.9.16-1.el9_2.2.tuxcare.els22.x86_64.rpm
    sha:da1ee06648a20374bd512e3f849899e48532fc082a31229d01d427ed947e724b
  • python3-tkinter-3.9.16-1.el9_2.2.tuxcare.els22.i686.rpm
    sha:3b271245293a0e221400dd6d294d21480013d9d1f22aa562a83a7ef447ae42dc
  • python3-tkinter-3.9.16-1.el9_2.2.tuxcare.els22.x86_64.rpm
    sha:e7622de80546ff71e1477b9780b8f001e2022a0cda8f0d477e4672c0b6ce1528
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.