Release date:
2026-06-25 09:13:24 UTC
Description:
* SECURITY UPDATE: bz2.BZ2Decompressor could write out of bounds (stack
buffer overflow, CWE-121) when reused after a decompression error.
Re-entering BZ2_bzDecompress() on a stream that libbz2 had already
reported an error on left the internal state inconsistent.
- debian/patches/CVE-2026-9669.patch: backport of cpython
5755d0f083949ff3c5bf3a37e673e24e306b036e (gh-150599). Records the
libbz2 error in a new bzerror field and marks the decompressor
unusable, so a subsequent decompress() raises ValueError instead of
re-entering the corrupted stream.
- CVE-2026-9669
Updated packages:
-
alt-python38_3.8.20-21_amd64.deb
sha:878e094699c8ad86b70775b10a1a898b1ec1d922
-
alt-python38-debug_3.8.20-21_amd64.deb
sha:e51f24a046a80ce05b705f479f9e3858db7a3270
-
alt-python38-devel_3.8.20-21_amd64.deb
sha:4a634bfc37c53a6b4ff8db5dd2a49d8b9d2381c0
-
alt-python38-idle_3.8.20-21_amd64.deb
sha:7824779bce9caec35b59b4f93b4e697e4f828a02
-
alt-python38-libs_3.8.20-21_amd64.deb
sha:3239850b52f0d03917c769ca99a4f4d64fc7c26f
-
alt-python38-test_3.8.20-21_amd64.deb
sha:a7f1d30c65cde161101829cf847b1d3d3bb99fae
-
alt-python38-tkinter_3.8.20-21_amd64.deb
sha:f1ddacf2be723bdff05c21db8615393ea8561801
-
alt-python38_3.8.20-21_arm64.deb
sha:25be59b2adc8351a8fcb032bd1f46fa5eb1458f6
-
alt-python38-debug_3.8.20-21_arm64.deb
sha:4f14c5e0ac7dbddb44d209e450aa7c5b92020725
-
alt-python38-devel_3.8.20-21_arm64.deb
sha:4f03c66df7fff09d5e45252db2605c7f7b269f0a
-
alt-python38-idle_3.8.20-21_arm64.deb
sha:d253a322c0f99d06d7cb07d0bac4b50fe2b0983d
-
alt-python38-libs_3.8.20-21_arm64.deb
sha:3522832b6e32456a7f82f57fb495d77fd7db252a
-
alt-python38-test_3.8.20-21_arm64.deb
sha:9f88fba1a471ae8c544c0cb2d0e69ecc6b4abe59
-
alt-python38-tkinter_3.8.20-21_arm64.deb
sha:2c50122652f8520a92e0c39b661e9015d37e4b12
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.