CLSA-2026-1777944317

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777944317.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1777944317
Upstream
  • CVE-2026-4519
  • CVE-2026-4786
Published
2026-05-05T01:25:22Z
Modified
2026-06-04T09:47:36.163634636Z
Summary
Fix CVE(s): CVE-2025-8194, CVE-2026-4519, CVE-2026-4786
Details
  • SECURITY UPDATE: tarfile DoS via negative member offsets
    • debian/patches/CVE-2025-8194.patch: validate that member offsets are non-negative in Lib/tarfile.py.
    • CVE-2025-8194
  • SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes
    • debian/patches/CVE-2026-4519-CVE-2026-4786.patch: reject URLs whose lstrip starts with '-' in Lib/webbrowser.py; also fix bypass via %action substitution in UnixBrowser.open().
    • CVE-2026-4519
    • CVE-2026-4786
References

Affected packages

TuxCare:Ubuntu:18.04
idle-python2.7

Package

Name
idle-python2.7
Purl
pkg:deb/tuxcare/idle-python2.7?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.17-1~18.04ubuntu1.11+tuxcare.els12

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777944317.json"
libpython2.7

Package

Name
libpython2.7
Purl
pkg:deb/tuxcare/libpython2.7?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.17-1~18.04ubuntu1.11+tuxcare.els12

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777944317.json"
libpython2.7-dev

Package

Name
libpython2.7-dev
Purl
pkg:deb/tuxcare/libpython2.7-dev?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.17-1~18.04ubuntu1.11+tuxcare.els12

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777944317.json"
libpython2.7-minimal

Package

Name
libpython2.7-minimal
Purl
pkg:deb/tuxcare/libpython2.7-minimal?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.17-1~18.04ubuntu1.11+tuxcare.els12

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777944317.json"
libpython2.7-stdlib

Package

Name
libpython2.7-stdlib
Purl
pkg:deb/tuxcare/libpython2.7-stdlib?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.17-1~18.04ubuntu1.11+tuxcare.els12

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777944317.json"
libpython2.7-testsuite

Package

Name
libpython2.7-testsuite
Purl
pkg:deb/tuxcare/libpython2.7-testsuite?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.17-1~18.04ubuntu1.11+tuxcare.els12

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777944317.json"
python2.7

Package

Name
python2.7
Purl
pkg:deb/tuxcare/python2.7?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.17-1~18.04ubuntu1.11+tuxcare.els12

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777944317.json"
python2.7-dev

Package

Name
python2.7-dev
Purl
pkg:deb/tuxcare/python2.7-dev?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.17-1~18.04ubuntu1.11+tuxcare.els12

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777944317.json"
python2.7-doc

Package

Name
python2.7-doc
Purl
pkg:deb/tuxcare/python2.7-doc?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.17-1~18.04ubuntu1.11+tuxcare.els12

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777944317.json"
python2.7-examples

Package

Name
python2.7-examples
Purl
pkg:deb/tuxcare/python2.7-examples?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.17-1~18.04ubuntu1.11+tuxcare.els12

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777944317.json"
python2.7-minimal

Package

Name
python2.7-minimal
Purl
pkg:deb/tuxcare/python2.7-minimal?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.17-1~18.04ubuntu1.11+tuxcare.els12

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1777944317.json"