{"id":"CLSA-2026-1779213441","summary":"python3.11: Fix of 11 CVEs","details":"- CVE-2026-4224: avoid unbound C recursion in conv_content_model in pyexpat\n- CVE-2026-3644: reject control characters in http.cookies.Morsel.update()\n- CVE-2026-0672: reject control characters in http.cookies.Morsel\n- CVE-2025-8291: check consistency of zip64 end of central directory record\n- CVE-2025-6069: fix quadratic complexity in processing special input in HTMLParser\n- CVE-2025-4516: fix use-after-free in the unicode-escape decoder with error handler\n- CVE-2025-15282: reject control characters in data URL mediatypes\n- CVE-2025-11468: preserve parenthesis when folding email comments\n- CVE-2026-3479: reject invalid resource arguments in pkgutil.get_data()\n- CVE-2026-2297: ensure SourcelessFileLoader uses io.open_code\n- CVE-2024-5642: disallow setting an empty list for ssl NPN protocols","modified":"2026-05-27T11:33:12.940843784Z","published":"2026-05-19T17:57:25Z","upstream":["CVE-2024-5642","CVE-2025-11468","CVE-2025-15282","CVE-2025-4516","CVE-2025-6069","CVE-2025-8291","CVE-2026-0672","CVE-2026-2297","CVE-2026-3479","CVE-2026-3644","CVE-2026-4224"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/tuxcare9.6esu/CLSA-2026-1779213441.html"}],"affected":[{"package":{"name":"python3.11","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/python3.11?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.11.11-2.el9_6.2.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1779213441.json"}},{"package":{"name":"python3.11-debug","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/python3.11-debug?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.11.11-2.el9_6.2.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1779213441.json"}},{"package":{"name":"python3.11-devel","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/python3.11-devel?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.11.11-2.el9_6.2.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1779213441.json"}},{"package":{"name":"python3.11-idle","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/python3.11-idle?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.11.11-2.el9_6.2.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1779213441.json"}},{"package":{"name":"python3.11-libs","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/python3.11-libs?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.11.11-2.el9_6.2.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1779213441.json"}},{"package":{"name":"python3.11-test","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/python3.11-test?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.11.11-2.el9_6.2.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1779213441.json"}},{"package":{"name":"python3.11-tkinter","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/python3.11-tkinter?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.11.11-2.el9_6.2.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1779213441.json"}}],"schema_version":"1.7.5"}