[CLSA-2026:1777634550] Fix CVE(s): CVE-2024-0397, CVE-2024-4032, CVE-2024-6923, CVE-2026-1299

Type:

security

Severity:

Important

Release date:

2026-05-01 11:22:36 UTC

Description:

   * SECURITY UPDATE: email BytesGenerator header injection
     - debian/patches/CVE-2026-1299.patch: verify generated headers in
       email.generator.BytesGenerator and Generator. Adds the
       HeaderWriteError exception, NEWLINE_WITHOUT_FWSP /
       NEWLINE_WITHOUT_FWSP_BYTES regexes, and the
       Policy.verify_generated_headers attribute, then raises
       HeaderWriteError when the folded header does not end with the
       policy linesep or contains a stray newline. Includes the
       CVE-2024-6923 prerequisite hardening of the string Generator.
     - CVE-2026-1299
   * SECURITY UPDATE: ssl.SSLContext memory race in cert_store_stats /
     get_ca_certs
     - debian/patches/CVE-2024-0397.patch: backport the upstream
       X509_STORE_get1_objects shim and the x509_object_dup helper
       from cpython 29c97287d205bf2f410f4895ebce3f43b5160524, then
       switch _ssl__SSLContext_cert_store_stats_impl and
       _ssl__SSLContext_get_ca_certs_impl to take a deep-copy snapshot
       of the X509_STORE under lock, freeing the snapshot before
       returning. Closes a use-after-free triggered by loading
       certificates concurrently from another thread.
     - CVE-2024-0397
   * SECURITY UPDATE: ipaddress is_private / is_global misclassification
     - debian/patches/CVE-2024-4032.patch: backport upstream
       gh-113171 / gh-65056. Update Lib/ipaddress.py to align the
       _private_networks lists with the IANA special-purpose registries
       and add _private_networks_exceptions so that
       is_private / is_global no longer misclassify addresses in
       192.0.0.0/24 (with 192.0.0.9 and 192.0.0.10 exceptions),
       64:ff9b:1::/48, 2002::/16, and the 2001::/23 sub-range
       exceptions (2001:1::1, 2001:1::2, 2001:3::/32, 2001:4:112::/48,
       2001:20::/28, 2001:30::/28). Includes the matching docs and
       test updates.
     - CVE-2024-4032

Updated packages:

alt-python36_3.6.15-31_amd64.deb
sha:cb63d93c074f39f798ecb9361a1940a1d0aea51e
alt-python36-debug_3.6.15-31_amd64.deb
sha:7b50b77054aa6656d29f08346b72d6a8a05a1625
alt-python36-devel_3.6.15-31_amd64.deb
sha:6a9eeaccb627a9721279f70ebc73f9232dd57f50
alt-python36-libs_3.6.15-31_amd64.deb
sha:3696b9ad119a5aade1f26942e932d0f075874cd6
alt-python36-test_3.6.15-31_amd64.deb
sha:423381faf13b24ff0fc58467695afb60a46c2e23
alt-python36-tkinter_3.6.15-31_amd64.deb
sha:7e7c08379cdf6af6908e446337a58953e45fdcde
alt-python36-tools_3.6.15-31_amd64.deb
sha:c94fe8ee1c789d7a3b5e4204bd4633dc4f646e67
alt-python36_3.6.15-31_arm64.deb
sha:8e24b219b8ad2bd8142c9de0ce4db414600b54c3
alt-python36-debug_3.6.15-31_arm64.deb
sha:6301555461738b1d42f3d74906573858b482e688
alt-python36-devel_3.6.15-31_arm64.deb
sha:778364c0aea126d1aa5b07b9659b1b2c2d3d527e
alt-python36-libs_3.6.15-31_arm64.deb
sha:e36edf5d054bb194c9d8e71178328821f408e916
alt-python36-test_3.6.15-31_arm64.deb
sha:e1710c61e9ac2354171f855e6cfea69d98b7be15
alt-python36-tkinter_3.6.15-31_arm64.deb
sha:1e0fd8ddfb3cd96fe2bc50e1b4c45c41b8ecb225
alt-python36-tools_3.6.15-31_arm64.deb
sha:d47e2d9b9d1d077f9a010b6841aff18120ccc2c3

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.