[CLSA-2026:1777635366] Fix CVE(s): CVE-2024-0397, CVE-2024-4032, CVE-2024-6923, CVE-2026-1299
Type:
security
Severity:
Important
Release date:
2026-05-01 11:36:13 UTC
Description:
* SECURITY UPDATE: email BytesGenerator header injection
  - debian/patches/CVE-2026-1299.patch: verify generated headers in email.generator.BytesGenerator and Generator. Adds the HeaderWriteError exception, NEWLINE_WITHOUT_FWSP / NEWLINE_WITHOUT_FWSP_BYTES regexes, and the Policy.verify_generated_headers attribute, then raises HeaderWriteError when the folded header does not end with the policy linesep or contains a stray newline. Includes the CVE-2024-6923 prerequisite hardening of the string Generator.
  - CVE-2026-1299
* SECURITY UPDATE: ssl.SSLContext memory race in cert_store_stats / get_ca_certs
  - debian/patches/CVE-2024-0397.patch: backport the upstream X509_STORE_get1_objects shim and the x509_object_dup helper from cpython 29c97287d205bf2f410f4895ebce3f43b5160524, then switch _ssl__SSLContext_cert_store_stats_impl and _ssl__SSLContext_get_ca_certs_impl to take a deep-copy snapshot of the X509_STORE under lock, freeing the snapshot before returning. Closes a use-after-free triggered by loading certificates concurrently from another thread.
  - CVE-2024-0397
* SECURITY UPDATE: ipaddress is_private / is_global misclassification
  - debian/patches/CVE-2024-4032.patch: backport upstream gh-113171 / gh-65056. Update Lib/ipaddress.py to align the _private_networks lists with the IANA special-purpose registries and add _private_networks_exceptions so that is_private / is_global no longer misclassify addresses in 192.0.0.0/24 (with 192.0.0.9 and 192.0.0.10 exceptions), 64:ff9b:1::/48, 2002::/16, and the 2001::/23 sub-range exceptions (2001:1::1, 2001:1::2, 2001:3::/32, 2001:4:112::/48, 2001:20::/28, 2001:30::/28). Includes the matching docs and test updates.
  - CVE-2024-4032
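A post-update check for the ipaddress fix, added here as an example (it is not CloudLinux or CPython code): it rebuilds the expected classification from the ranges and exceptions listed above and compares it with what the running interpreter reports. The function names and the probe addresses are constructed for illustration.

```python
import ipaddress

# Ranges and exceptions named in the advisory text for CVE-2024-4032.
PRIVATE = [ipaddress.ip_network(n) for n in (
    "192.0.0.0/24", "64:ff9b:1::/48", "2002::/16", "2001::/23")]
EXCEPTIONS = [ipaddress.ip_network(n) for n in (
    "192.0.0.9/32", "192.0.0.10/32", "2001:1::1/128", "2001:1::2/128",
    "2001:3::/32", "2001:4:112::/48", "2001:20::/28", "2001:30::/28")]

# Constructed probe addresses: one or more inside each range and exception.
PROBES = ["192.0.0.1", "192.0.0.9", "192.0.0.10", "192.0.0.200",
          "64:ff9b:1::1", "2002::1", "2001:1::1", "2001:1::2", "2001:1::3",
          "2001:3::1", "2001:4:112::1", "2001:20::1", "2001:30::1"]


def expected_private(text):
    """Classification the advisory describes; valid only for the ranges above."""
    addr = ipaddress.ip_address(text)

    def covers(nets):
        return any(addr.version == n.version and addr in n for n in nets)

    return covers(PRIVATE) and not covers(EXCEPTIONS)


def audit(probes=PROBES):
    """Return (address, expected, observed) for each probe the interpreter gets wrong."""
    mismatches = []
    for text in probes:
        observed = ipaddress.ip_address(text).is_private
        expected = expected_private(text)
        if observed != expected:
            mismatches.append((text, expected, observed))
    return mismatches


if __name__ == "__main__":
    bad = audit()
    for text, expected, observed in bad:
        print("MISMATCH {}: is_private={} expected {}".format(
            text, observed, expected))
    print("interpreter looks unpatched" if bad
          else "ipaddress tables match the advisory")
    raise SystemExit(1 if bad else 0)
```

Run it with the alt-python36 interpreter itself; a non-zero exit status means at least one probe is still classified the old way.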
Updated packages:
  • alt-python36_3.6.15-31_amd64.deb
    sha:35a10259f1bd0d53b20bec7a8d78fb9d5e3df627
  • alt-python36-debug_3.6.15-31_amd64.deb
    sha:522c3982f0ff67292e5d285587c81a01cbba147b
  • alt-python36-devel_3.6.15-31_amd64.deb
    sha:0e100c4d57fe199ddb359c750723cb52f12b3417
  • alt-python36-libs_3.6.15-31_amd64.deb
    sha:5268a83aab0b75bd26f1dac017e93b735cfe1e4e
  • alt-python36-test_3.6.15-31_amd64.deb
    sha:35aab087812506532c17110b1b3c55bb5bf88dc3
  • alt-python36-tkinter_3.6.15-31_amd64.deb
    sha:8229c96a36738de02fe3713fdbd785347aff5d9f
  • alt-python36-tools_3.6.15-31_amd64.deb
    sha:44db4997b7f322f37ed17a066981274b8089b8c5
  • alt-python36_3.6.15-31_arm64.deb
    sha:174d3585a66c8aff5e322ac8c8f3b8ca48077adb
  • alt-python36-debug_3.6.15-31_arm64.deb
    sha:6eba9aceb7ded40e75bead223aad398f5a289d47
  • alt-python36-devel_3.6.15-31_arm64.deb
    sha:43da9e32f32cdbbdd624887bc381a867c37e592d
  • alt-python36-libs_3.6.15-31_arm64.deb
    sha:e87296158fc840eef8f2fc1225286808f34990c4
  • alt-python36-test_3.6.15-31_arm64.deb
    sha:23038db7e3b1039a6d0678afb37cdfb23669df0b
  • alt-python36-tkinter_3.6.15-31_arm64.deb
    sha:77e0ac37c1fcddc339df0fa0cb35ac225c8cdf1c
  • alt-python36-tools_3.6.15-31_arm64.deb
    sha:103c146cf5599258b266ad66abd4f0db13a50bdd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.