CLSA-2026-1777626401

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777626401.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1777626401

Upstream

CVE-2026-4519

CVE-2026-4786

CVE-2026-6100

Published

2026-05-01T09:06:46Z

Modified

2026-06-01T00:33:13.013136814Z

Summary

python3: Fix of 3 CVEs

Details

CVE-2026-6100: clear dangling next_in pointer on MemoryError in bz2/lzma decompressors to avoid use-after-free on instance reuse
CVE-2026-4786: validate the post-substitution URL in webbrowser UnixBrowser.open so that "%action" cannot smuggle a dash-prefixed flag past the CVE-2026-4519 dash-prefix check

References

https://errata.tuxcare.com/els_os/centos8.4els/CLSA-2026-1777626401.html

Affected packages

TuxCare:CentOS:8.4

platform-python

Package

Name: platform-python
Purl: pkg:rpm/tuxcare/platform-python?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-40.el8_4.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777626401.json"

platform-python-debug

Package

Name: platform-python-debug
Purl: pkg:rpm/tuxcare/platform-python-debug?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-40.el8_4.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777626401.json"

platform-python-devel

Package

Name: platform-python-devel
Purl: pkg:rpm/tuxcare/platform-python-devel?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-40.el8_4.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777626401.json"

python3-devel

Package

Name: python3-devel
Purl: pkg:rpm/tuxcare/python3-devel?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-40.el8_4.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777626401.json"

python3-idle

Package

Name: python3-idle
Purl: pkg:rpm/tuxcare/python3-idle?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-40.el8_4.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777626401.json"

python3-libs

Package

Name: python3-libs
Purl: pkg:rpm/tuxcare/python3-libs?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-40.el8_4.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777626401.json"

python3-test

Package

Name: python3-test
Purl: pkg:rpm/tuxcare/python3-test?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-40.el8_4.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777626401.json"

python3-tkinter

Package

Name: python3-tkinter
Purl: pkg:rpm/tuxcare/python3-tkinter?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-40.el8_4.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777626401.json"