Release date:
2026-06-24 10:24:53 UTC
Description:
- CVE-2026-9669: the bz2 BZ2Decompressor could be reused after a libbz2
decompression error; re-entering BZ2_bzDecompress() in that state can
write past the end of a stack buffer (CWE-121). The decompressor now
records the libbz2 error and refuses further decompress() calls with
ValueError, becoming unusable after the first error (upstream gh-150599
/ 5755d0f0, adapted to 3.6: plain needs_input reset and existing
ACQUIRE_LOCK/RELEASE_LOCK wrappers, NEWS.d fragment omitted).
Updated packages:
-
alt-python36-3.6.15-30.el8.x86_64.rpm
sha:7bd2f2bbdf187c5cd16a7a04d39d80f1976d9cf38329e975284099f04690e526
-
alt-python36-debug-3.6.15-30.el8.x86_64.rpm
sha:8150eae16072e6b62ae52e2c44303a432fede131dc8ea212ebe5fe1c478edd66
-
alt-python36-devel-3.6.15-30.el8.x86_64.rpm
sha:c09d937a64817f6a4d868708801b2f8cd0687a48b828ac17439b5cb7d117a438
-
alt-python36-libs-3.6.15-30.el8.x86_64.rpm
sha:e8eef573882b0bc67114be0523db83a95141c4af6f7ec6e24981f1d9a885ced7
-
alt-python36-test-3.6.15-30.el8.x86_64.rpm
sha:fad2cc6f3f08e01e4d4007c680aa0f178d2255c7860231cfed6c542a64b6f7ef
-
alt-python36-tkinter-3.6.15-30.el8.x86_64.rpm
sha:9b11ba5d26c01264152b34518b64da6da0df48a683cad1856d2776e229a08aed
-
alt-python36-tools-3.6.15-30.el8.x86_64.rpm
sha:eb6008f848997775979d82ac83c9fae3da76898163ea8116f330824fa96c730d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.