CLSA-2026-1777998709

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1777998709.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1777998709

Upstream

CVE-2025-8194

CVE-2026-4519

CVE-2026-4786

Published

2026-05-05T16:31:54Z

Modified

2026-06-01T00:33:23.715059161Z

Summary

python2: Fix of 3 CVEs

Details

CVE-2025-8194: validate that tarfile member offsets are non-negative to prevent infinite loop / DoS during parsing of malicious tar archives
CVE-2026-4519: reject URLs with leading dashes in webbrowser.open() to prevent injection of command-line options into spawned browser process
CVE-2026-4786: fix bypass of CVE-2026-4519 check via %action substitution in UnixBrowser.open() that allowed dash-prefixed URLs through

References

https://errata.tuxcare.com/els_os/centos8.5els/CLSA-2026-1777998709.html

Affected packages

TuxCare:CentOS:8.5

python2

Package

Name: python2
Purl: pkg:rpm/tuxcare/python2?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-7.module_el8.5.0+2391+7f8635d8.tuxcare.els21

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1777998709.json"

python2-debug

Package

Name: python2-debug
Purl: pkg:rpm/tuxcare/python2-debug?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-7.module_el8.5.0+2391+7f8635d8.tuxcare.els21

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1777998709.json"

python2-devel

Package

Name: python2-devel
Purl: pkg:rpm/tuxcare/python2-devel?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-7.module_el8.5.0+2391+7f8635d8.tuxcare.els21

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1777998709.json"

python2-libs

Package

Name: python2-libs
Purl: pkg:rpm/tuxcare/python2-libs?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-7.module_el8.5.0+2391+7f8635d8.tuxcare.els21

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1777998709.json"

python2-test

Package

Name: python2-test
Purl: pkg:rpm/tuxcare/python2-test?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-7.module_el8.5.0+2391+7f8635d8.tuxcare.els21

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1777998709.json"

python2-tkinter

Package

Name: python2-tkinter
Purl: pkg:rpm/tuxcare/python2-tkinter?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-7.module_el8.5.0+2391+7f8635d8.tuxcare.els21

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1777998709.json"

python2-tools

Package

Name: python2-tools
Purl: pkg:rpm/tuxcare/python2-tools?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-7.module_el8.5.0+2391+7f8635d8.tuxcare.els21

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1777998709.json"