CLSA-2026-1777946894

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777946894.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1777946894

Upstream

CVE-2022-0391

CVE-2022-45061

CVE-2024-7592

CVE-2026-4519

Published

2026-05-05T02:08:23Z

Modified

2026-06-04T09:47:38.161939800Z

Summary

Fix CVE(s): CVE-2022-0391, CVE-2022-45061, CVE-2024-7592, CVE-2026-4519

Details

SECURITY UPDATE: URL parsing accepts ASCII tab/CR/LF (URL smuggling)
- debian/patches/CVE-2022-0391.patch: sanitise tab, CR, LF anywhere in URL/scheme inside urlsplit() before cache lookup, plus regression test in Lib/urlparse.py, Lib/test/test_urlparse.py.
- CVE-2022-0391
SECURITY UPDATE: Quadratic complexity in IDNA decoding (DoS)
- debian/patches/CVE-2022-45061.patch: replace O(n) outer loop with a single any() guard in nameprep(), plus regression test in Lib/encodings/idna.py, Lib/test/test_codecs.py.
- CVE-2022-45061
SECURITY UPDATE: ReDoS in Cookie._unquote (quadratic backslash parsing)
- debian/patches/CVE-2024-7592.patch: replace the quadratic _OctalPatt / QuotePatt loop with a single linear re.sub-based decoder, plus regression tests in Lib/Cookie.py, Lib/test/testcookie.py.
- CVE-2024-7592
SECURITY UPDATE: webbrowser.open() argument injection via leading dash
- debian/patches/CVE-2026-4519.patch: add BaseBrowser.checkurl() and call it from every browser open() to reject URLs whose first non-whitespace char is '-', plus regression test in Lib/webbrowser.py, Lib/test/test_webbrowser.py. Also backports upstream gh-148169 (commit d22922c8a7) to close the %action-substitution bypass: the check is deferred until after %action substitution and the per-arg replace() chain is reordered (%action before %s) so an attacker cannot smuggle a leading dash via the URL.
- CVE-2026-4519
BUILD: replace libdb-dev (<< 1:6.0) with libdb5.3-dev in debian/control{,.in} so the build pulls the explicit Berkeley DB 5.3 development headers available on Ubuntu 20.04 ESM, instead of the virtual libdb-dev package that is no longer satisfied in the ELS build environment.

References

https://errata.tuxcare.com/els_os/ubuntu20.04els/CLSA-2026-1777946894.html

Affected packages

TuxCare:Ubuntu:20.04

idle-python2.7

Package

Name: idle-python2.7
Purl: pkg:deb/tuxcare/idle-python2.7?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-1~20.04.7+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777946894.json"

libpython2.7

Package

Name: libpython2.7
Purl: pkg:deb/tuxcare/libpython2.7?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-1~20.04.7+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777946894.json"

libpython2.7-dev

Package

Name: libpython2.7-dev
Purl: pkg:deb/tuxcare/libpython2.7-dev?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-1~20.04.7+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777946894.json"

libpython2.7-minimal

Package

Name: libpython2.7-minimal
Purl: pkg:deb/tuxcare/libpython2.7-minimal?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-1~20.04.7+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777946894.json"

libpython2.7-stdlib

Package

Name: libpython2.7-stdlib
Purl: pkg:deb/tuxcare/libpython2.7-stdlib?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-1~20.04.7+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777946894.json"

libpython2.7-testsuite

Package

Name: libpython2.7-testsuite
Purl: pkg:deb/tuxcare/libpython2.7-testsuite?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-1~20.04.7+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777946894.json"

python2.7

Package

Name: python2.7
Purl: pkg:deb/tuxcare/python2.7?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-1~20.04.7+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777946894.json"

python2.7-dev

Package

Name: python2.7-dev
Purl: pkg:deb/tuxcare/python2.7-dev?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-1~20.04.7+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777946894.json"

python2.7-doc

Package

Name: python2.7-doc
Purl: pkg:deb/tuxcare/python2.7-doc?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-1~20.04.7+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777946894.json"

python2.7-examples

Package

Name: python2.7-examples
Purl: pkg:deb/tuxcare/python2.7-examples?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-1~20.04.7+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777946894.json"

python2.7-minimal

Package

Name: python2.7-minimal
Purl: pkg:deb/tuxcare/python2.7-minimal?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-1~20.04.7+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777946894.json"