Tuxcare Errata System 0.0.1 5.10 2026-04-17T14:03:01 Community Enterprise Operating System 8 - CVE-2023-24329: make urllib.parse.urlparse enforce that a scheme must begin with an alphabetical ASCII character - CVE-2023-40217: check for & avoid the ssl pre-close flaw - CVE-2024-6232: remove backtracking when parsing tarfile headers - CVE-2024-7592: fix quadratic complexity in parsing double-quoted cookie values with backslashes Important TuxCare License Agreement CVE-2023-24329 CVE-2024-9287 CVE-2024-7592 CVE-2023-40217 CVE-2023-27043 CVE-2024-6232 CVE-2022-45061 CVE-2021-28861 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - CVE-2007-4559: implement PEP 706 - a filter in the tarfile module to prevent directory traversal vulnerability - CVE-2023-6597: prevent tempfile.TemporaryDirectory class dereference symlinks Important TuxCare License Agreement CVE-2023-6597 CVE-2007-4559 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - CVE-2019-9674: add pitfalls to zipfile module documentation Important TuxCare License Agreement CVE-2019-9674 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - CVE-2022-45061: fix quadratic time idna decoding - CVE-2019-9674: add pitfalls to zipfile module documentation Critical TuxCare License Agreement CVE-2022-0391 CVE-2023-24329 CVE-2022-45061 CVE-2019-9674 CVE-2022-48565 CVE-2022-48560 CVE-2024-7592 CVE-2024-6232 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - CVE-2023-27043: reject malformed addresses in email.parseaddr() - CVE-2020-8492: fix regex in AbstractBasicAuthHandler - CVE-2021-3733: fix regex in AbstractBasicAuthHandler Moderate TuxCare License Agreement CVE-2021-3733 CVE-2020-8492 CVE-2022-48566 CVE-2023-40217 CVE-2023-27043 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - CVE-2021-3737: stop reading a header if it's too long - CVE-2019-20907: avoid infinite loop in the tarfile module - Build and testing fixes in spec Important TuxCare License Agreement CVE-2019-20907 CVE-2021-3737 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - CVE-2020-26116: prevent http header injection in httplib Important TuxCare License Agreement CVE-2020-26116 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - Fix CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses (filter="tar"/filter="data") - fix test_tarfile.py Important TuxCare License Agreement CVE-2025-4138 CVE-2025-4517 CVE-2025-4330 CVE-2025-4435 CVE-2024-12718 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - CVE-2025-13837: fix memory denial of service in plistlib Moderate TuxCare License Agreement CVE-2025-13837 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - CVE-2015-20107: mailcap: sanitize the second argument which allowing shell commands injection Important TuxCare License Agreement CVE-2015-20107 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - CVE-2015-20107: sanitize the second argument, which allows shell command injection in the mailcap module Important TuxCare License Agreement CVE-2015-20107 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - CVE-2025-12084: remove quadratic behavior in xml.minidom node ID cache clearing Moderate TuxCare License Agreement CVE-2025-12084 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - CVE-2025-6075: fix quadratic complexity in os.path.expandvars() Moderate TuxCare License Agreement CVE-2025-6075 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - CVE-2025-8194: tarfile: validate archives to ensure member offsets are non-negative Important TuxCare License Agreement CVE-2025-8194 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - CVE-2025-8194: tarfile: validate archives to ensure member offsets are non-negative Important TuxCare License Agreement CVE-2025-8194 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - CVE-2025-6075: fix quadratic complexity in os.path.expandvars() Moderate TuxCare License Agreement CVE-2025-6075 cpe:/o:centos:centos:8 Community Enterprise Operating System 8 - CVE-2026-4519: reject leading dashes in webbrowser.open() URLs to prevent command-line option injection in browser subprocesses Low TuxCare License Agreement CVE-2026-4519 cpe:/o:centos:centos:8 alt-python36 alt-python36-debug alt-python36-devel alt-python36-libs alt-python36-test alt-python36-tkinter alt-python36-tools alt-python27 alt-python27-debug alt-python27-devel alt-python27-libs alt-python27-test alt-python27-tkinter alt-python27-tools x86_64 0:3.6.15-6.el8 d07bf2a08d50eb66 x86_64 0:3.6.15-7.el8 x86_64 0:3.6.15-8.el8 x86_64 0:2.7.18-14.el8 x86_64 0:2.7.18-16.el8 x86_64 0:2.7.18-20.el8 x86_64 0:2.7.18-21.el8 x86_64 0:3.6.15-13.el8 x86_64 0:3.6.15-16.el8 x86_64 0:2.7.18-22.el8 x86_64 0:3.6.15-17.el8 x86_64 0:2.7.18-23.el8 x86_64 0:3.6.15-18.el8 x86_64 0:3.6.15-19.el8 x86_64 0:2.7.18-24.el8 x86_64 0:2.7.18-25.el8 x86_64 0:3.6.15-20.el8