[CLSA-2026:1783610180] Fix CVE(s): CVE-2026-9669
Type:
security
Severity:
Important
Release date:
2026-07-09 15:16:37 UTC
Description:
* SECURITY UPDATE: reusing a bz2.BZ2Decompressor after libbz2 reported a decompression error could re-enter BZ2_bzDecompress() with inconsistent internal state, leading to a stack buffer overflow. - debian/patches/CVE-2026-9669.patch: backport of cpython 5755d0f0 (gh-150599). Records the libbz2 error code on the decompressor and clears needs_input, then refuses further decompress() calls with ValueError so libbz2 is never re-entered after an error. - CVE-2026-9669
CVEs fixed:
Updated packages:
  • alt-python37_3.7.17-25_amd64.deb
    sha:c59af50e027e037175aec8011cc416facf4338b5
  • alt-python37-debug_3.7.17-25_amd64.deb
    sha:492f256dcd7fcf7440c9f2497e0fe2076a3bd328
  • alt-python37-devel_3.7.17-25_amd64.deb
    sha:5554c0ce33836083837abfab25108b90cd89439d
  • alt-python37-libs_3.7.17-25_amd64.deb
    sha:73f8d2e04451ca318782039f1af619b30c7d3366
  • alt-python37-test_3.7.17-25_amd64.deb
    sha:195df996d1cd3fb8c01cdda9453f415bf9434764
  • alt-python37-tkinter_3.7.17-25_amd64.deb
    sha:4b9cc15a8f5aed2d4efd2c71d46d54838f0b1195
  • alt-python37-tools_3.7.17-25_amd64.deb
    sha:a990be343aef17673c69765c6ee3d39609f971e0
  • alt-python37_3.7.17-25_arm64.deb
    sha:910df7a6f7701a07989437639d834510c572c524
  • alt-python37-debug_3.7.17-25_arm64.deb
    sha:2307220a7724e4a99dad7b08722d08a917fb0744
  • alt-python37-devel_3.7.17-25_arm64.deb
    sha:9475de7015815af9fb260c5f37f6f4fe382dcd34
  • alt-python37-libs_3.7.17-25_arm64.deb
    sha:489e71919b5efa0838ba66be0dc17c9d0449b149
  • alt-python37-test_3.7.17-25_arm64.deb
    sha:d9bfbfeb32f5f33ea61cb6d012d0bd587c2b16fb
  • alt-python37-tkinter_3.7.17-25_arm64.deb
    sha:485d3b0deb41fdeaaed958881e35158a5a9ab56f
  • alt-python37-tools_3.7.17-25_arm64.deb
    sha:b5b8308dd4814664d63d550196c6a5b2933a95a0
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.