Tuxcare Errata System 0.0.1 5.10 2026-04-17T14:06:46 Community Enterprise Operating System 9 - CVE-2023-24329: make urllib.parse.urlparse enforce that a scheme must begin with an alphabetical ASCII character - CVE-2023-40217: check for & avoid the ssl pre-close flaw - CVE-2024-6232: remove backtracking when parsing tarfile headers - CVE-2024-7592: fix quadratic complexity in parsing double-quoted cookie values with backslashes Important TuxCare License Agreement CVE-2023-24329 CVE-2024-9287 CVE-2024-6232 CVE-2022-45061 CVE-2023-27043 CVE-2023-40217 CVE-2021-28861 CVE-2024-7592 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - CVE-2007-4559: implement PEP 706 - a filter in the tarfile module to prevent directory traversal vulnerability - CVE-2023-6597: prevent tempfile.TemporaryDirectory class dereference symlinks Important TuxCare License Agreement CVE-2007-4559 CVE-2023-6597 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - CVE-2019-9674: add pitfalls to zipfile module documentation Important TuxCare License Agreement CVE-2019-9674 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - CVE-2022-45061: fix quadratic time idna decoding - CVE-2019-9674: add pitfalls to zipfile module documentation Critical TuxCare License Agreement CVE-2024-7592 CVE-2024-6232 CVE-2023-24329 CVE-2019-9674 CVE-2022-48560 CVE-2022-48565 CVE-2022-45061 CVE-2022-0391 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - CVE-2023-27043: reject malformed addresses in email.parseaddr() - CVE-2020-8492: fix regex in AbstractBasicAuthHandler - CVE-2021-3733: fix regex in AbstractBasicAuthHandler Moderate TuxCare License Agreement CVE-2020-8492 CVE-2022-48566 CVE-2023-40217 CVE-2021-3733 CVE-2023-27043 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - CVE-2021-3737: stop reading a header if it's too long - CVE-2019-20907: avoid infinite loop in the tarfile module - Build and testing fixes in spec Important TuxCare License Agreement CVE-2019-20907 CVE-2021-3737 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - CVE-2020-26116: prevent http header injection in httplib Important TuxCare License Agreement CVE-2020-26116 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - Fix CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses (filter="tar"/filter="data") - fix test_tarfile.py Important TuxCare License Agreement CVE-2025-4435 CVE-2025-4330 CVE-2025-4138 CVE-2024-12718 CVE-2025-4517 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - CVE-2025-13837: fix memory denial of service in plistlib Moderate TuxCare License Agreement CVE-2025-13837 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - CVE-2015-20107: mailcap: sanitize the second argument which allowing shell commands injection Important TuxCare License Agreement CVE-2015-20107 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - CVE-2015-20107: sanitize the second argument, which allows shell command injection in the mailcap module Important TuxCare License Agreement CVE-2015-20107 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - CVE-2025-12084: remove quadratic behavior in xml.minidom node ID cache clearing Moderate TuxCare License Agreement CVE-2025-12084 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - CVE-2025-6075: fix quadratic complexity in os.path.expandvars() Moderate TuxCare License Agreement CVE-2025-6075 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - CVE-2025-8194: tarfile: validate archives to ensure member offsets are non-negative Important TuxCare License Agreement CVE-2025-8194 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - CVE-2025-8194: tarfile: validate archives to ensure member offsets are non-negative Important TuxCare License Agreement CVE-2025-8194 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - CVE-2025-6075: fix quadratic complexity in os.path.expandvars() Moderate TuxCare License Agreement CVE-2025-6075 cpe:/o:centos:centos:9 Community Enterprise Operating System 9 - CVE-2026-4519: reject leading dashes in webbrowser.open() URLs to prevent command-line option injection in browser subprocesses Low TuxCare License Agreement CVE-2026-4519 cpe:/o:centos:centos:9 alt-python36 alt-python36-debug alt-python36-devel alt-python36-libs alt-python36-test alt-python36-tkinter alt-python36-tools alt-python27 alt-python27-debug alt-python27-devel alt-python27-libs alt-python27-test alt-python27-tkinter alt-python27-tools x86_64 0:3.6.15-6.el9 d07bf2a08d50eb66 x86_64 0:3.6.15-7.el9 x86_64 0:3.6.15-8.el9 x86_64 0:2.7.18-14.el9 x86_64 0:2.7.18-16.el9 x86_64 0:2.7.18-20.el9 x86_64 0:2.7.18-21.el9 x86_64 0:3.6.15-13.el9 x86_64 0:3.6.15-16.el9 x86_64 0:2.7.18-22.el9 x86_64 0:3.6.15-17.el9 x86_64 0:2.7.18-23.el9 x86_64 0:3.6.15-18.el9 x86_64 0:3.6.15-19.el9 x86_64 0:2.7.18-24.el9 x86_64 0:2.7.18-25.el9 x86_64 0:3.6.15-20.el9