Release date:
2026-07-09 20:46:35 UTC
Description:
* SECURITY UPDATE: reusing a bz2.BZ2Decompressor after libbz2 reported
a decompression error could re-enter BZ2_bzDecompress() with
inconsistent internal state, leading to a stack buffer overflow.
- debian/patches/CVE-2026-9669.patch: backport of cpython
5755d0f0 (gh-150599). Records the libbz2 error code on the
decompressor and clears needs_input, then refuses further
decompress() calls with ValueError so libbz2 is never re-entered
after an error.
- CVE-2026-9669
Updated packages:
-
alt-python37_3.7.17-25_amd64.deb
sha:d466759c6e9d04ef1627db501458762ec0ac7e1d
-
alt-python37-debug_3.7.17-25_amd64.deb
sha:e3ef28e2ef9ff2994abf658168b60e8e01c443b2
-
alt-python37-devel_3.7.17-25_amd64.deb
sha:0a9fb9b984403d9bd0a409d33a0d546412f6246f
-
alt-python37-libs_3.7.17-25_amd64.deb
sha:60659fe07cf5bb973e78cbb95fab2af927134bbc
-
alt-python37-test_3.7.17-25_amd64.deb
sha:525214f10700b9ee4dde6d626319bba4607c9c76
-
alt-python37-tkinter_3.7.17-25_amd64.deb
sha:5239ef726c5695895b25e703515df5905fe2e707
-
alt-python37-tools_3.7.17-25_amd64.deb
sha:a990be343aef17673c69765c6ee3d39609f971e0
-
alt-python37_3.7.17-25_arm64.deb
sha:7379761e4f0d3937e18f150b22cd99af1c4acf55
-
alt-python37-debug_3.7.17-25_arm64.deb
sha:b31a2ad0de5cd6031d69de0ab37f5daeca0b0535
-
alt-python37-devel_3.7.17-25_arm64.deb
sha:e01505ae0365aefb715d9a7af83f661d84e778ab
-
alt-python37-libs_3.7.17-25_arm64.deb
sha:522c1c89c56cfacb245fcb2a9f39463f15f74d85
-
alt-python37-test_3.7.17-25_arm64.deb
sha:f4177b052f62795b95d807c68b1213f699c8bfed
-
alt-python37-tkinter_3.7.17-25_arm64.deb
sha:e8a9d97f6edb13574b144e8f84c409984aa69cb4
-
alt-python37-tools_3.7.17-25_arm64.deb
sha:b5b8308dd4814664d63d550196c6a5b2933a95a0
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.