[CLSA-2026:1783629978] Fix CVE(s): CVE-2026-9669
Type:
security
Severity:
Important
Release date:
2026-07-09 20:46:35 UTC
Description:
* SECURITY UPDATE: reusing a bz2.BZ2Decompressor after libbz2 reported a decompression error could re-enter BZ2_bzDecompress() with inconsistent internal state, leading to a stack buffer overflow. - debian/patches/CVE-2026-9669.patch: backport of cpython 5755d0f0 (gh-150599). Records the libbz2 error code on the decompressor and clears needs_input, then refuses further decompress() calls with ValueError so libbz2 is never re-entered after an error. - CVE-2026-9669
CVEs fixed:
Updated packages:
  • alt-python37_3.7.17-25_amd64.deb
    sha:d466759c6e9d04ef1627db501458762ec0ac7e1d
  • alt-python37-debug_3.7.17-25_amd64.deb
    sha:e3ef28e2ef9ff2994abf658168b60e8e01c443b2
  • alt-python37-devel_3.7.17-25_amd64.deb
    sha:0a9fb9b984403d9bd0a409d33a0d546412f6246f
  • alt-python37-libs_3.7.17-25_amd64.deb
    sha:60659fe07cf5bb973e78cbb95fab2af927134bbc
  • alt-python37-test_3.7.17-25_amd64.deb
    sha:525214f10700b9ee4dde6d626319bba4607c9c76
  • alt-python37-tkinter_3.7.17-25_amd64.deb
    sha:5239ef726c5695895b25e703515df5905fe2e707
  • alt-python37-tools_3.7.17-25_amd64.deb
    sha:a990be343aef17673c69765c6ee3d39609f971e0
  • alt-python37_3.7.17-25_arm64.deb
    sha:7379761e4f0d3937e18f150b22cd99af1c4acf55
  • alt-python37-debug_3.7.17-25_arm64.deb
    sha:b31a2ad0de5cd6031d69de0ab37f5daeca0b0535
  • alt-python37-devel_3.7.17-25_arm64.deb
    sha:e01505ae0365aefb715d9a7af83f661d84e778ab
  • alt-python37-libs_3.7.17-25_arm64.deb
    sha:522c1c89c56cfacb245fcb2a9f39463f15f74d85
  • alt-python37-test_3.7.17-25_arm64.deb
    sha:f4177b052f62795b95d807c68b1213f699c8bfed
  • alt-python37-tkinter_3.7.17-25_arm64.deb
    sha:e8a9d97f6edb13574b144e8f84c409984aa69cb4
  • alt-python37-tools_3.7.17-25_arm64.deb
    sha:b5b8308dd4814664d63d550196c6a5b2933a95a0
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.