CLSA-2026-1779213441

CVE-2026-4224: avoid unbound C recursion in convcontentmodel in pyexpat
CVE-2026-3644: reject control characters in http.cookies.Morsel.update()
CVE-2026-0672: reject control characters in http.cookies.Morsel
CVE-2025-8291: check consistency of zip64 end of central directory record
CVE-2025-6069: fix quadratic complexity in processing special input in HTMLParser
CVE-2025-4516: fix use-after-free in the unicode-escape decoder with error handler
CVE-2025-15282: reject control characters in data URL mediatypes
CVE-2025-11468: preserve parenthesis when folding email comments
CVE-2026-3479: reject invalid resource arguments in pkgutil.get_data()
CVE-2026-2297: ensure SourcelessFileLoader uses io.open_code
CVE-2024-5642: disallow setting an empty list for ssl NPN protocols

References

https://errata.tuxcare.com/els_os/tuxcare9.6esu/CLSA-2026-1779213441.html

Affected packages

TuxCare:AlmaLinux:9.6

python3.11

Package

Name: python3.11
Purl: pkg:rpm/tuxcare/python3.11?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.11.11-2.el9_6.2.tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1779213441.json"

python3.11-debug

Package

Name: python3.11-debug
Purl: pkg:rpm/tuxcare/python3.11-debug?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.11.11-2.el9_6.2.tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1779213441.json"

python3.11-devel

Package

Name: python3.11-devel
Purl: pkg:rpm/tuxcare/python3.11-devel?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.11.11-2.el9_6.2.tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1779213441.json"

python3.11-idle

Package

Name: python3.11-idle
Purl: pkg:rpm/tuxcare/python3.11-idle?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.11.11-2.el9_6.2.tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1779213441.json"

python3.11-libs

Package

Name: python3.11-libs
Purl: pkg:rpm/tuxcare/python3.11-libs?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.11.11-2.el9_6.2.tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1779213441.json"

python3.11-test

Package

Name: python3.11-test
Purl: pkg:rpm/tuxcare/python3.11-test?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.11.11-2.el9_6.2.tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1779213441.json"

python3.11-tkinter

Package

Name: python3.11-tkinter
Purl: pkg:rpm/tuxcare/python3.11-tkinter?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.11.11-2.el9_6.2.tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1779213441.json"