5 matches found
TencentOS Server 3: python3.12 (TSSA-2026:0389)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0389 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
cpython: CPython: Logging Bypass in Legacy .pyc File Handling
A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...
CLSA-2026-1779213441 python3.11: Fix of 11 CVEs
CVE-2026-4224: avoid unbound C recursion in convcontentmodel in pyexpat - CVE-2026-3644: reject control characters in http.cookies.Morsel.update - CVE-2026-0672: reject control characters in http.cookies.Morsel - CVE-2025-8291: check consistency of zip64 end of central directory record -...
CLSA-2026-1776330599 python3.9: Fix of 11 CVEs
CVE-2025-8291: fix zipfile ZIP64 EOCD Locator offset validation - CVE-2025-6069: fix quadratic complexity in HTMLParser - CVE-2025-4516: fix use-after-free in unicode-escape decoder with error handler - CVE-2026-2297: ensure SourcelessFileLoader uses io.opencode - CVE-2026-3479: reject invalid...
CVE-2026-2297
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...