Release date:
2026-05-01 12:02:25 UTC
Description:
- CVE-2026-1299: email.BytesGenerator now refuses to serialize headers
that are unsafely folded or contain unfolded newlines, closing a
header-injection bypass of CVE-2024-6923 (also includes the
CVE-2024-6923 prerequisite hardening of the string Generator)
- CVE-2024-0397: ssl.SSLContext.cert_store_stats() and get_ca_certs()
now correctly lock the certificate store via a backported
X509_STORE_get1_objects shim, fixing a memory race when an
SSLContext is shared across threads
- CVE-2024-4032: ipaddress is_private/is_global now classify addresses
per the IANA special-purpose registries (192.0.0.0/24 with 192.0.0.9
and 192.0.0.10 exceptions, 64:ff9b:1::/48, 2002::/16, and the
2001::/23 sub-range exceptions)
Updated packages:
-
alt-python36-3.6.15-22.el7.x86_64.rpm
sha:38d3bc1d8cf06f7d1cb6f6c840b66fbcc513694d6818c2e641d5dd8f496a1bc6
-
alt-python36-debug-3.6.15-22.el7.x86_64.rpm
sha:b850267544aa9269b238f126ac2816509376c104cde7173de1af92645339817c
-
alt-python36-devel-3.6.15-22.el7.x86_64.rpm
sha:09055c664d09e7ef44acb4e05cb0ca1e7020605db7470c4caa0c40a320c7e9de
-
alt-python36-libs-3.6.15-22.el7.x86_64.rpm
sha:6b8fd5883e6c49dc5c89ac4beea03ec6e761650ed281d88ee0192eed94ad66ba
-
alt-python36-test-3.6.15-22.el7.x86_64.rpm
sha:590af46dcb77f3b83e08eccdf1e2752377ebb68a459037754f2cbac1dccf94a1
-
alt-python36-tkinter-3.6.15-22.el7.x86_64.rpm
sha:34a2f058e601aa6a6ddf024aa07926f48b355dc3ba2435b3222ee1ebcb244fbc
-
alt-python36-tools-3.6.15-22.el7.x86_64.rpm
sha:df5e56341fb56c9adfc2b42042692017a4b4967cd5c6dd67fda1bc639a363d00
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
