Release date:
2026-06-25 10:20:33 UTC
Description:
* SECURITY UPDATE: bz2.BZ2Decompressor could be reused after a
decompression error. libbz2 leaves the bz_stream in an inconsistent
state after reporting an error, so re-entering BZ2_bzDecompress() on
that stream could write past the output buffer, a stack buffer
overflow (CWE-121).
- debian/patches/CVE-2026-9669.patch: backport of cpython 5755d0f083
(gh-150599). Record the libbz2 error code in a new BZ2Decompressor
bzerror field, clear needs_input on error, and raise
ValueError("Decompressor is unusable after a previous error") on any
subsequent decompress() call.
- CVE-2026-9669
Updated packages:
-
alt-python39_3.9.23-19_amd64.deb
sha:2bdff7d898dbc3f09c2cdb10f65f64d1d2c58473
-
alt-python39-debug_3.9.23-19_amd64.deb
sha:db629e3b59bd43a5bc1f688676d714d749e4b6c2
-
alt-python39-devel_3.9.23-19_amd64.deb
sha:8ad8e7be492c4465b84250b852feb5efbd6d3273
-
alt-python39-idle_3.9.23-19_amd64.deb
sha:eb56fa6579ec7add0e9f95b58c500d9fe78b2eaa
-
alt-python39-libs_3.9.23-19_amd64.deb
sha:cb51b167203e5b5ea26a79a0d9bb9cfea1d43ac8
-
alt-python39-test_3.9.23-19_amd64.deb
sha:a6a85dbee472abeb71e31abc5df2d2b86f24ceab
-
alt-python39-tkinter_3.9.23-19_amd64.deb
sha:f94710a7a7b1c0e01c0bd10c0a28e9baed1af59c
-
alt-python39_3.9.23-19_arm64.deb
sha:47b4c23ce22a31a1a7fbcb7da66be4c080bfdc2a
-
alt-python39-debug_3.9.23-19_arm64.deb
sha:b99efe19f458ecdab5ef43f0b8b76553b5414dea
-
alt-python39-devel_3.9.23-19_arm64.deb
sha:04a52473fbd45c19f5dcd6af475e4b10b18a855f
-
alt-python39-idle_3.9.23-19_arm64.deb
sha:4570ced19b9ab18fb9be1f976d2b96fe340bce06
-
alt-python39-libs_3.9.23-19_arm64.deb
sha:1c212dc5089d6925376fac917ceea1fd2563f4e9
-
alt-python39-test_3.9.23-19_arm64.deb
sha:c12f17222be576c182463ff5f0b38daa9fc710cb
-
alt-python39-tkinter_3.9.23-19_arm64.deb
sha:2ed0b840550077372ed2a747da297879ee5a9461
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.