[CLSA-2026:1778156226] Fix CVE(s): CVE-2026-3446
Type:
security
Severity:
Moderate
Release date:
2026-05-13 14:04:21 UTC
Description:
* SECURITY UPDATE: binascii.a2b_base64 / base64.b64decode stop decoding after the first padded quad, silently dropping any excess data. The behaviour can lead to data being accepted that other implementations process differently. - debian/patches/CVE-2026-3446.patch: backport of upstream commits 4561f6418a (main), e31c55121620 (3.14), 1f9958f909c1 (3.13). Treats the pad character as non-alphabet data per RFC 4648 section 3.3: the loop in binascii_a2b_base64_impl no longer breaks out on a pad sequence; a `pads` counter is added so post-loop validation still raises "Incorrect padding" for inputs that do not satisfy `quad_pos + pads == 4`. The unused `binascii_find_valid` helper is removed. - CVE-2026-3446
Updated packages:
  • alt-python36_3.6.15-32_amd64.deb
    sha:59ed89f1d6fe79c8d11c0d3de00f9d751def4263
  • alt-python36-debug_3.6.15-32_amd64.deb
    sha:677534584072625c83eebc334bb3567cbde244d5
  • alt-python36-devel_3.6.15-32_amd64.deb
    sha:54f99e8cd1d3f1b278fba2048191b3565a69980c
  • alt-python36-libs_3.6.15-32_amd64.deb
    sha:89bdf6d0237933d59669fb6bb939de38ad1d5c8e
  • alt-python36-test_3.6.15-32_amd64.deb
    sha:1e864a0238630e986ec1c217bcde3821a3d9ff16
  • alt-python36-tkinter_3.6.15-32_amd64.deb
    sha:38ce0201e696bf1c531ceb7fcdb41e090099b22c
  • alt-python36-tools_3.6.15-32_amd64.deb
    sha:91dc18341ee5e476250118dfa08c80e301c57775
  • alt-python36_3.6.15-32_arm64.deb
    sha:aed57ec8ddeb35812f7189a424e500cc0326df07
  • alt-python36-debug_3.6.15-32_arm64.deb
    sha:bb3b157a4ebe1967a18dc6830b38766c4b18d2bd
  • alt-python36-devel_3.6.15-32_arm64.deb
    sha:a1c7958733cd8c08334175462cba17a5a289846b
  • alt-python36-libs_3.6.15-32_arm64.deb
    sha:9e60425fe6c22fd8012d7aebd91f5640bb066f37
  • alt-python36-test_3.6.15-32_arm64.deb
    sha:b01eb016c6d0adcff3d4c05e940a08bd535c4138
  • alt-python36-tkinter_3.6.15-32_arm64.deb
    sha:11e20e01353c7bf19f909365e35091e2c473bf68
  • alt-python36-tools_3.6.15-32_arm64.deb
    sha:a13aee172139e0f13522a8bcba1f40f71099700f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.