Release date:
2026-05-01 12:10:58 UTC
Description:
- CVE-2026-1299: email.BytesGenerator now refuses to serialize headers
that are unsafely folded or contain unfolded newlines, closing a
header-injection bypass of CVE-2024-6923 (also includes the
CVE-2024-6923 prerequisite hardening of the string Generator)
- CVE-2024-0397: ssl.SSLContext.cert_store_stats() and get_ca_certs()
now correctly lock the certificate store via a backported
X509_STORE_get1_objects shim, fixing a memory race when an
SSLContext is shared across threads
- CVE-2024-4032: ipaddress is_private/is_global now classify addresses
per the IANA special-purpose registries (192.0.0.0/24 with 192.0.0.9
and 192.0.0.10 exceptions, 64:ff9b:1::/48, 2002::/16, and the
2001::/23 sub-range exceptions)
Updated packages:
-
alt-python36-3.6.15-22.el9.x86_64.rpm
sha:cb9fb7d3d7518a2b3f5f63e2aef60ffd8cb1a1247b5d3675a87b0cd8be0ae2a6
-
alt-python36-debug-3.6.15-22.el9.x86_64.rpm
sha:a77464f46827dc7895a1b48ef1cafacb2f1ad4d26cef2a5bdd483459f7070c05
-
alt-python36-devel-3.6.15-22.el9.x86_64.rpm
sha:b7e11e999710fc26436882f8b21121b630bf9ace951c06eed351ca67d8adc758
-
alt-python36-libs-3.6.15-22.el9.x86_64.rpm
sha:23e49c6edd3815d61b1cffb5d1dc06811620c43d3d511efcbe8b3506157ff196
-
alt-python36-test-3.6.15-22.el9.x86_64.rpm
sha:8f18e95f96ae7065b8b200d400a04d2b9087a66f9a47d12bbf113f01467e6c41
-
alt-python36-tkinter-3.6.15-22.el9.x86_64.rpm
sha:567e07d9a3afcecf0df7a3d107281f8c65edcbdf4138b75cd1f48f88392c4b45
-
alt-python36-tools-3.6.15-22.el9.x86_64.rpm
sha:7ff5b61f91295f2e9d208c836e8738a1fa27b1ed55cb16772800ebded335b108
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
