Release date:
2026-05-13 14:41:25 UTC
Description:
- CVE-2026-3446: binascii.a2b_base64 / base64.b64decode no longer abort the
decoder loop on the first padded quad. The pad character is treated as
non-alphabet data per RFC 4648 section 3.3, so excess data after the
padding is decoded instead of being silently dropped.
Updated packages:
-
alt-python36-3.6.15-23.el9.x86_64.rpm
sha:3f87f7f710d8d7a1afeb25a7be04b9049381674881fcf6743ffb13c2c266c938
-
alt-python36-debug-3.6.15-23.el9.x86_64.rpm
sha:f6fa7daa14c7edf77df42040005455e0cc292894cabd99f08ba22af2510f9762
-
alt-python36-devel-3.6.15-23.el9.x86_64.rpm
sha:d88ac029eafdc934365ad88ccf5b00c79176bea35b22e7e874242b0e476287ba
-
alt-python36-libs-3.6.15-23.el9.x86_64.rpm
sha:0a4f3c62d9c24a131fff99670bc29a751653e27c11137db3c946528fb5b3171a
-
alt-python36-test-3.6.15-23.el9.x86_64.rpm
sha:362b746fb0a38df19b66a0a2d337985a849e71a9252a9c698ff43b55279db5da
-
alt-python36-tkinter-3.6.15-23.el9.x86_64.rpm
sha:fb7b445dc8dfd6f9b1da303771b2d1c43623d794085b39c1d39c0c219dcf8c47
-
alt-python36-tools-3.6.15-23.el9.x86_64.rpm
sha:b3116abe79e2d81c20a14d6d1ffd62795146198fcdbac1ff8027eb57b02cb6e9
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
