[CLSA-2026:1781205404] Fix CVE(s): CVE-2025-13462, CVE-2026-4224, CVE-2026-7210
Type: security
Severity: Critical
Release date: 2026-06-11 19:17:09 UTC
Description:
* SECURITY UPDATE: tarfile misinterprets crafted multi-block GNU long name archives via AREGTYPE/DIRTYPE normalization
  - debian/patches/CVE-2025-13462.patch: skip the old-v7 AREGTYPE to DIRTYPE normalization when reading the follow-up header of a GNU LONGNAME / LONGLINK or PAX member in Lib/tarfile.py
  - CVE-2025-13462
* SECURITY UPDATE: C stack overflow in pyexpat when an ElementDeclHandler parses a deeply nested content model
  - debian/patches/CVE-2026-4224.patch: guard conv_content_model() recursion with Py_EnterRecursiveCall()/Py_LeaveRecursiveCall() in Modules/pyexpat.c
  - CVE-2026-4224
* SECURITY UPDATE: insufficient entropy in pyexpat/_elementtree hash-flooding protection
  - debian/patches/CVE-2026-7210.patch: bind XML_SetHashSalt16Bytes as a weak symbol to seed the Expat parser with 16 bytes of entropy when hash randomization is enabled; falls back to the legacy XML_SetHashSalt when unavailable. Requires libexpat1 (>= 2.2.6-2+deb10u7+tuxcare.els6).
  - CVE-2026-7210
Updated packages:
  • idle-python2.7_2.7.16-2+deb10u4+tuxcare.els2_all.deb
    sha:92de853df9c99a1ecbea5f41bed100544cb8bd75
  • libpython2.7_2.7.16-2+deb10u4+tuxcare.els2_amd64.deb
    sha:d755afc08a23e4b87c63917651959cbbba4a6d07
  • libpython2.7-dev_2.7.16-2+deb10u4+tuxcare.els2_amd64.deb
    sha:c28c97acca33f08b7e4f822ebd59665e1ceb9ccf
  • libpython2.7-minimal_2.7.16-2+deb10u4+tuxcare.els2_amd64.deb
    sha:c49eb5c4adfbf4e1dd7ce3ed08c9f6638923c604
  • libpython2.7-stdlib_2.7.16-2+deb10u4+tuxcare.els2_amd64.deb
    sha:3498f03fa8e56dd67e85d4d6e2f12b8a595930b6
  • libpython2.7-testsuite_2.7.16-2+deb10u4+tuxcare.els2_all.deb
    sha:a497b48669734c0ef3f8bc50be7104f72dd0722d
  • python2.7_2.7.16-2+deb10u4+tuxcare.els2_amd64.deb
    sha:fb1ec6de5529ce8bddd5414824055c2521031e45
  • python2.7-dev_2.7.16-2+deb10u4+tuxcare.els2_amd64.deb
    sha:e77661a7ece5895316dba2075caf08a97c6604c3
  • python2.7-doc_2.7.16-2+deb10u4+tuxcare.els2_all.deb
    sha:3bcba41d9593a54ba58ee6fc2bf8fe159451aace
  • python2.7-examples_2.7.16-2+deb10u4+tuxcare.els2_all.deb
    sha:66ef5e3c480fbc8d6167cde0c56d2e6085e16b58
  • python2.7-minimal_2.7.16-2+deb10u4+tuxcare.els2_amd64.deb
    sha:c28280400670b1c1f13ee8bc25cf31eeb8c15a8c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.