CLSA-2026-1778145319

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1778145319.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1778145319

Upstream

CVE-2025-8194

CVE-2026-4519

CVE-2026-4786

Published

2026-05-07T09:15:23Z

Modified

2026-06-01T00:32:38.940886762Z

Summary

python2: Fix of 3 CVEs

Details

CVE-2025-8194: validate that tarfile member offsets are non-negative to prevent infinite loop / DoS during parsing of malicious tar archives
CVE-2026-4519: reject URLs with leading dashes in webbrowser.open() to prevent injection of command-line options into spawned browser process
CVE-2026-4786: fix bypass of CVE-2026-4519 check via %action substitution in UnixBrowser.open() that allowed dash-prefixed URLs through

References

https://errata.tuxcare.com/els_os/centos8.4els/CLSA-2026-1778145319.html

Affected packages

TuxCare:CentOS:8.4

python2

Package

Name: python2
Purl: pkg:rpm/tuxcare/python2?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-4.module_el8.4.0+2392+21dc0dc6.tuxcare.els22

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1778145319.json"

python2-debug

Package

Name: python2-debug
Purl: pkg:rpm/tuxcare/python2-debug?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-4.module_el8.4.0+2392+21dc0dc6.tuxcare.els22

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1778145319.json"

python2-devel

Package

Name: python2-devel
Purl: pkg:rpm/tuxcare/python2-devel?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-4.module_el8.4.0+2392+21dc0dc6.tuxcare.els22

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1778145319.json"

python2-libs

Package

Name: python2-libs
Purl: pkg:rpm/tuxcare/python2-libs?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-4.module_el8.4.0+2392+21dc0dc6.tuxcare.els22

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1778145319.json"

python2-test

Package

Name: python2-test
Purl: pkg:rpm/tuxcare/python2-test?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-4.module_el8.4.0+2392+21dc0dc6.tuxcare.els22

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1778145319.json"

python2-tkinter

Package

Name: python2-tkinter
Purl: pkg:rpm/tuxcare/python2-tkinter?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-4.module_el8.4.0+2392+21dc0dc6.tuxcare.els22

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1778145319.json"

python2-tools

Package

Name: python2-tools
Purl: pkg:rpm/tuxcare/python2-tools?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-4.module_el8.4.0+2392+21dc0dc6.tuxcare.els22

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1778145319.json"