[CLSA-2026:1777624948] Fix CVE(s): CVE-2024-0397, CVE-2024-4032, CVE-2024-6923, CVE-2026-1299
Type:
security
Severity:
Important
Release date:
2026-05-01 08:42:33 UTC
Description:
  * SECURITY UPDATE: email BytesGenerator header injection
    - debian/patches/CVE-2026-1299.patch: combined backport of gh-121650 (CVE-2024-6923) and gh-144125 (CVE-2026-1299) that adds email.errors.HeaderWriteError, the policy.verify_generated_headers attribute, and the verify-on-write check for both Generator and BytesGenerator, preventing CRLF/LF header injection through custom fold().
    - CVE-2026-1299
  * SECURITY UPDATE: ssl.SSLContext memory race in cert_store_stats / get_ca_certs
    - debian/patches/CVE-2024-0397.patch: backport the X509_STORE_get1_objects shim and the x509_object_dup helper from cpython 3.8.20 (29c97287d2). The two affected impl functions in Modules/_ssl.c (cert_store_stats / get_ca_certs) now take a deep-copy snapshot of the X509_STORE under X509_STORE_lock(), preventing the use-after-free that occurred when certificates were loaded concurrently from another thread.
    - CVE-2024-0397
  * SECURITY UPDATE: ipaddress is_private/is_global misclassification
    - debian/patches/CVE-2024-4032.patch: backport cpython 3.8.20 fix 895f7e2ac2 (gh-113171). Adds the _IPv4Constants._private_networks_exceptions list (192.0.0.9/32, 192.0.0.10/32) and the IPv6 equivalents (2001:1::1/128, 2001:1::2/128, 2001:3::/32, 2001:4:112::/48, 2001:20::/28, 2001:30::/28). Expands 192.0.0.0/29 to /24, adds 64:ff9b:1::/48 and 2002::/16 to the IPv6 _private_networks list, and updates is_private to filter against the exceptions list and use ipv4_mapped semantics on IPv6.
    - CVE-2024-4032
Updated packages:
  • alt-python37_3.7.17-17_amd64.deb
    sha:a729ea46fba7946dbf513802a4cbdf1658440590
  • alt-python37-debug_3.7.17-17_amd64.deb
    sha:16c25a971b0027dc27bb13116928f9a766db3422
  • alt-python37-devel_3.7.17-17_amd64.deb
    sha:0984534a8d820d91a73745a4c13272cab013b2ac
  • alt-python37-libs_3.7.17-17_amd64.deb
    sha:586ac591688143f651fbe8e7a4e096e61b8d740a
  • alt-python37-test_3.7.17-17_amd64.deb
    sha:2ba1439ce1e31aad8883047cffcf75c5efb86076
  • alt-python37-tkinter_3.7.17-17_amd64.deb
    sha:83c644b27e4fd7af9e0bcd6f5ad723e9d9a97bb7
  • alt-python37-tools_3.7.17-17_amd64.deb
    sha:8b8918a6b9230773a309751f83849eb0c905187c
  • alt-python37_3.7.17-17_arm64.deb
    sha:c208e807453a9ba723a3d3efbc5e1052b17ad879
  • alt-python37-debug_3.7.17-17_arm64.deb
    sha:18d3e863aa6c4b9940a39991bed8f969e7da1804
  • alt-python37-devel_3.7.17-17_arm64.deb
    sha:1a5b5798012c4a32d4a5d55480d4ed09521d7e6a
  • alt-python37-libs_3.7.17-17_arm64.deb
    sha:a79c9e89b3bd5eb5cb20f7cc2229d1e317945bd2
  • alt-python37-test_3.7.17-17_arm64.deb
    sha:cde667ecc14537559a8117346cb78aebb0c2fbb6
  • alt-python37-tkinter_3.7.17-17_arm64.deb
    sha:c8820d6a8a489fbbc883c79bb1e28fe60f94f8a7
  • alt-python37-tools_3.7.17-17_arm64.deb
    sha:7049707fd950ea4fda9e5a2f06322cecb518b607
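
A post-update check, added here as an example and not part of the CloudLinux advisory or the backported patches: run with the updated interpreter, it probes for the CVE-2024-4032 classification changes and the header verify-on-write check named in the description. The probe addresses and function names are constructed for illustration; the CVE-2024-0397 race is not probed, since a thread race cannot be checked deterministically this way.

```python
import email.errors
import email.message
import ipaddress

# Networks copied from the advisory's CVE-2024-4032 description.
EXCEPTIONS = [ipaddress.ip_network(n) for n in (
    "192.0.0.9/32", "192.0.0.10/32", "2001:1::1/128", "2001:1::2/128",
    "2001:3::/32", "2001:4:112::/48", "2001:20::/28", "2001:30::/28")]
NOW_PRIVATE = [ipaddress.ip_network(n) for n in (
    "192.0.0.0/24", "64:ff9b:1::/48", "2002::/16")]
# Constructed probe addresses, at least one per network above.
PROBES = ("192.0.0.9", "192.0.0.10", "192.0.0.100", "64:ff9b:1::1",
          "2002::1", "2001:1::1", "2001:1::2", "2001:3::1",
          "2001:4:112::1", "2001:20::1", "2001:30::1")


def expected_private(text):
    """is_private value the advisory describes, for the listed ranges only."""
    addr = ipaddress.ip_address(text)
    if any(addr in net for net in EXCEPTIONS):
        return False
    if any(addr in net for net in NOW_PRIVATE):
        return True
    raise ValueError("address is outside the ranges this check covers")


def ipaddress_mismatches():
    """Probes where this interpreter disagrees with the patched behaviour."""
    return [p for p in PROBES
            if ipaddress.ip_address(p).is_private != expected_private(p)]


def header_check_active():
    """True if writing a header with an embedded bare LF is refused."""
    err = getattr(email.errors, "HeaderWriteError", None)
    if err is None:
        return False  # exception class absent: backport not present
    msg = email.message.Message()  # compat32 policy stores the value as given
    msg["Subject"] = "probe\nX-Probe: 1"  # constructed, harmless value
    try:
        msg.as_string()
    except err:
        return True
    return False


if __name__ == "__main__":
    print("ipaddress mismatches:", ipaddress_mismatches() or "none")
    print("header verify-on-write active:", header_check_active())
```

An empty mismatch list together with `True` from `header_check_active()` indicates that the interpreter being run carries both backports.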
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.