CLSA-2026-1777940906

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1777940906.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1777940906
Upstream
  • CVE-2026-4519
  • CVE-2026-4786
Published
2026-05-05T00:28:34Z
Modified
2026-06-01T00:33:14.552622027Z
Summary
python2: Fix of 3 CVEs
Details
  • CVE-2025-8194: validate that tarfile member offsets are non-negative to prevent infinite loop / DoS during parsing of malicious tar archives
  • CVE-2026-4519: reject URLs with leading dashes in webbrowser.open() to prevent injection of command-line options into spawned browser process
  • CVE-2026-4786: fix bypass of CVE-2026-4519 check via %action substitution in UnixBrowser.open() that allowed dash-prefixed URLs through
References

Affected packages

TuxCare:CentOS-Stream:8
python2

Package

Name
python2
Purl
pkg:rpm/tuxcare/python2?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.18-17.module_el8+2390+a1827c35.tuxcare.els9

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1777940906.json"
python2-debug

Package

Name
python2-debug
Purl
pkg:rpm/tuxcare/python2-debug?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.18-17.module_el8+2390+a1827c35.tuxcare.els9

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1777940906.json"
python2-devel

Package

Name
python2-devel
Purl
pkg:rpm/tuxcare/python2-devel?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.18-17.module_el8+2390+a1827c35.tuxcare.els9

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1777940906.json"
python2-libs

Package

Name
python2-libs
Purl
pkg:rpm/tuxcare/python2-libs?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.18-17.module_el8+2390+a1827c35.tuxcare.els9

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1777940906.json"
python2-test

Package

Name
python2-test
Purl
pkg:rpm/tuxcare/python2-test?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.18-17.module_el8+2390+a1827c35.tuxcare.els9

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1777940906.json"
python2-tkinter

Package

Name
python2-tkinter
Purl
pkg:rpm/tuxcare/python2-tkinter?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.18-17.module_el8+2390+a1827c35.tuxcare.els9

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1777940906.json"
python2-tools

Package

Name
python2-tools
Purl
pkg:rpm/tuxcare/python2-tools?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.18-17.module_el8+2390+a1827c35.tuxcare.els9

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1777940906.json"