[CLSA-2026:1777637717] alt-python36: Fix of 4 CVEs
Type:
security
Severity:
Important
Release date:
2026-05-01 12:15:22 UTC
Description:
- CVE-2026-1299: email.BytesGenerator now refuses to serialize headers that are unsafely folded or contain unfolded newlines, closing a header-injection bypass of CVE-2024-6923 (also includes the CVE-2024-6923 prerequisite hardening of the string Generator)
- CVE-2024-0397: ssl.SSLContext.cert_store_stats() and get_ca_certs() now correctly lock the certificate store via a backported X509_STORE_get1_objects shim, fixing a memory race when an SSLContext is shared across threads
- CVE-2024-4032: ipaddress is_private/is_global now classify addresses per the IANA special-purpose registries (192.0.0.0/24 with 192.0.0.9 and 192.0.0.10 exceptions, 64:ff9b:1::/48, 2002::/16, and the 2001::/23 sub-range exceptions)
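A post-update check for the CVE-2024-4032 item, added here as an example and not part of the advisory or the package: it compares the running interpreter's is_private/is_global results against the ranges and exceptions named above. The probe addresses and all function names are constructed for illustration.

```python
import ipaddress
import sys

# Ranges and exceptions exactly as listed in the advisory text for CVE-2024-4032.
# The 2001::/23 sub-range exceptions are not enumerated there, so they are not probed.
SPECIAL = [ipaddress.ip_network(n) for n in ("192.0.0.0/24", "64:ff9b:1::/48", "2002::/16")]
EXCEPTIONS = [ipaddress.ip_network(n) for n in ("192.0.0.9/32", "192.0.0.10/32")]

# Constructed probe addresses: range edges, interior hosts and both exceptions.
PROBES = ["192.0.0.0", "192.0.0.8", "192.0.0.9", "192.0.0.10", "192.0.0.255",
          "64:ff9b:1::1", "2002::1", "2002:ffff:ffff::1"]


def _within(addr, nets):
    # Compare only same-family networks so IPv4 probes never touch IPv6 ranges.
    return any(addr.version == net.version and addr in net for net in nets)


def expected_flags(text):
    """(is_private, is_global) the advisory describes; meaningful only for PROBES."""
    addr = ipaddress.ip_address(text)
    private = _within(addr, SPECIAL) and not _within(addr, EXCEPTIONS)
    return private, not private


def stdlib_flags(text):
    """(is_private, is_global) as reported by the running interpreter."""
    addr = ipaddress.ip_address(text)
    return addr.is_private, addr.is_global


def audit(classifier=stdlib_flags):
    """Return [(address, expected, actual)] for every probe the classifier gets wrong."""
    findings = []
    for probe in PROBES:
        want, got = expected_flags(probe), classifier(probe)
        if want != got:
            findings.append((probe, want, got))
    return findings


if __name__ == "__main__":
    mismatches = audit()
    for address, want, got in mismatches:
        print(f"{address}: expected (private, global)={want}, interpreter says {got}")
    print("ipaddress classification matches the advisory" if not mismatches
          else f"{len(mismatches)} probe(s) still misclassified")
    sys.exit(1 if mismatches else 0)
```

Run it with the interpreter from the updated package; exit status 0 means every probe is classified as the description states.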
Updated packages:
  • alt-python36-3.6.15-22.el8.x86_64.rpm
    sha:489f2ca3e99546b96d386a780ac5448ba877462c2d084157e10dccc51953a4c0
  • alt-python36-debug-3.6.15-22.el8.x86_64.rpm
    sha:ed523ffb340116641e303ee78b46afc60e87617ddb6bf54356acbbe116cb72ca
  • alt-python36-devel-3.6.15-22.el8.x86_64.rpm
    sha:4e2fb81dd459e7ced146eefe9586532c5491cfc31adb6949c85f231c57c49a79
  • alt-python36-libs-3.6.15-22.el8.x86_64.rpm
    sha:6bca68ecbd56e4c09d63555fb224b54c8462516667c191f2f51e81957f1e2281
  • alt-python36-test-3.6.15-22.el8.x86_64.rpm
    sha:63f9064c0fa59d01b71d79e964b46fbcd33bf3699351d88292978b0714460a52
  • alt-python36-tkinter-3.6.15-22.el8.x86_64.rpm
    sha:fed252d0b572262b4f9bbf0a0dade5d538393772b58fd806fcef67e51a05298e
  • alt-python36-tools-3.6.15-22.el8.x86_64.rpm
    sha:05eac73e0183378ebc856c98c8c303e3053710f7f17e6d9d711fb4717deec717
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.