Release date:
2026-07-09 15:16:37 UTC
Description:
* SECURITY UPDATE: reusing a bz2.BZ2Decompressor after libbz2 reported
a decompression error could re-enter BZ2_bzDecompress() with
inconsistent internal state, leading to a stack buffer overflow.
- debian/patches/CVE-2026-9669.patch: backport of cpython
5755d0f0 (gh-150599). Records the libbz2 error code on the
decompressor and clears needs_input, then refuses further
decompress() calls with ValueError so libbz2 is never re-entered
after an error.
- CVE-2026-9669
Updated packages:
-
alt-python37_3.7.17-25_amd64.deb
sha:c59af50e027e037175aec8011cc416facf4338b5
-
alt-python37-debug_3.7.17-25_amd64.deb
sha:492f256dcd7fcf7440c9f2497e0fe2076a3bd328
-
alt-python37-devel_3.7.17-25_amd64.deb
sha:5554c0ce33836083837abfab25108b90cd89439d
-
alt-python37-libs_3.7.17-25_amd64.deb
sha:73f8d2e04451ca318782039f1af619b30c7d3366
-
alt-python37-test_3.7.17-25_amd64.deb
sha:195df996d1cd3fb8c01cdda9453f415bf9434764
-
alt-python37-tkinter_3.7.17-25_amd64.deb
sha:4b9cc15a8f5aed2d4efd2c71d46d54838f0b1195
-
alt-python37-tools_3.7.17-25_amd64.deb
sha:a990be343aef17673c69765c6ee3d39609f971e0
-
alt-python37_3.7.17-25_arm64.deb
sha:910df7a6f7701a07989437639d834510c572c524
-
alt-python37-debug_3.7.17-25_arm64.deb
sha:2307220a7724e4a99dad7b08722d08a917fb0744
-
alt-python37-devel_3.7.17-25_arm64.deb
sha:9475de7015815af9fb260c5f37f6f4fe382dcd34
-
alt-python37-libs_3.7.17-25_arm64.deb
sha:489e71919b5efa0838ba66be0dc17c9d0449b149
-
alt-python37-test_3.7.17-25_arm64.deb
sha:d9bfbfeb32f5f33ea61cb6d012d0bd587c2b16fb
-
alt-python37-tkinter_3.7.17-25_arm64.deb
sha:485d3b0deb41fdeaaed958881e35158a5a9ab56f
-
alt-python37-tools_3.7.17-25_arm64.deb
sha:b5b8308dd4814664d63d550196c6a5b2933a95a0
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.