СloudLinux Blog

CloudLinux OS 6 ELS: python package has been rolled out to 100%

Written by Inessa Atmachian | Oct 5, 2021 3:05:15 PM

A new updated python package within CloudLinux OS 6 ELS has been rolled out to 100% and is now available for download from our production repository.

Changelog

python-2.6.6-70.el6.cloudlinux.els

  • Fix prefix dot in domain for proper subdomain validation (CVE-2018-20852)
  • Fix allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client (CVE-2020-8492)
  • Fix http.client allows CRLF injection if the attacker controls the HTTP request method (CVE-2020-26116)
  • Fix unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)

Update command

yum update python*
View full post