CLSA-2026-1772631219

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1772631219.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1772631219
Upstream
Published
2026-03-04T13:33:44Z
Modified
2026-06-01T00:32:04.174442712Z
Summary
python3: Fix of 5 CVEs
Details
  • CVE-2024-12718: extractall: re-apply the filter at directory-attribute fixup, skip fixup if the entry is no longer a directory
  • CVE-2025-4138: datafilter: strip .. components from symlink targets in datafilter to prevent traversal via symlinks in the link target
  • CVE-2025-4330: re-apply filter when a hard/symlink extraction falls back to copying another archive member
  • CVE-2025-4435: extract/extractall: don't extract rejected members when errorlevel=0
  • CVE-2025-4517: raise exceptions on OS errors in realpath to prevent overly-long symlink chains from evading destination bounds checking
References

Affected packages

TuxCare:CentOS-Stream:8
platform-python

Package

Name
platform-python
Purl
pkg:rpm/tuxcare/platform-python?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.8-62.el8.tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1772631219.json"
platform-python-debug

Package

Name
platform-python-debug
Purl
pkg:rpm/tuxcare/platform-python-debug?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.8-62.el8.tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1772631219.json"
platform-python-devel

Package

Name
platform-python-devel
Purl
pkg:rpm/tuxcare/platform-python-devel?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.8-62.el8.tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1772631219.json"
python3-devel

Package

Name
python3-devel
Purl
pkg:rpm/tuxcare/python3-devel?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.8-62.el8.tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1772631219.json"
python3-idle

Package

Name
python3-idle
Purl
pkg:rpm/tuxcare/python3-idle?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.8-62.el8.tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1772631219.json"
python3-libs

Package

Name
python3-libs
Purl
pkg:rpm/tuxcare/python3-libs?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.8-62.el8.tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1772631219.json"
python3-test

Package

Name
python3-test
Purl
pkg:rpm/tuxcare/python3-test?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.8-62.el8.tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1772631219.json"
python3-tkinter

Package

Name
python3-tkinter
Purl
pkg:rpm/tuxcare/python3-tkinter?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.8-62.el8.tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1772631219.json"