Release date:
2026-06-25 10:14:28 UTC
Description:
* SECURITY UPDATE: bz2.BZ2Decompressor could be reused after a
decompression error. libbz2 leaves the bz_stream in an inconsistent
state after reporting an error, so re-entering BZ2_bzDecompress() on
that stream could write past the output buffer, a stack buffer
overflow (CWE-121).
- debian/patches/CVE-2026-9669.patch: backport of cpython 5755d0f083
(gh-150599). Record the libbz2 error code in a new BZ2Decompressor
bzerror field, clear needs_input on error, and raise
ValueError("Decompressor is unusable after a previous error") on any
subsequent decompress() call.
- CVE-2026-9669
Updated packages:
-
alt-python39_3.9.23-19_amd64.deb
sha:a59bbbf2dcc00108947e487779109f5fdcacaf4c
-
alt-python39-debug_3.9.23-19_amd64.deb
sha:db629e3b59bd43a5bc1f688676d714d749e4b6c2
-
alt-python39-devel_3.9.23-19_amd64.deb
sha:6f22a64143709fc05673d2bac5e9606de83f9232
-
alt-python39-idle_3.9.23-19_amd64.deb
sha:c67388295410e328fa1fe8669980039a57c7c7b8
-
alt-python39-libs_3.9.23-19_amd64.deb
sha:0e3fc460cb7501ddcf4abd3753c72e5b602c6249
-
alt-python39-test_3.9.23-19_amd64.deb
sha:f7fe8cb2f587d7ed67dae42e32b4c1a83bdbf262
-
alt-python39-tkinter_3.9.23-19_amd64.deb
sha:70f0e1d8818133ebfb69d65540fa09c4818b4aa8
-
alt-python39_3.9.23-19_arm64.deb
sha:fff36e001c0768385fb1f1479e2865dfed6d6d21
-
alt-python39-debug_3.9.23-19_arm64.deb
sha:b99efe19f458ecdab5ef43f0b8b76553b5414dea
-
alt-python39-devel_3.9.23-19_arm64.deb
sha:b68b1fb39f201981f02c55bae1810db6ed39062d
-
alt-python39-idle_3.9.23-19_arm64.deb
sha:d7e85e7d4714677975f4bddc8393026564b84beb
-
alt-python39-libs_3.9.23-19_arm64.deb
sha:71f7f871ced03aecde7b4281ca0186a0b8c2530b
-
alt-python39-test_3.9.23-19_arm64.deb
sha:55505637c2fb092ed77754927e529d3dcf3115bf
-
alt-python39-tkinter_3.9.23-19_arm64.deb
sha:305787bb002633a04ebe0a281fe3a70cd4bc2e1a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.