[CLSA-2026:1777626253] Fix CVE(s): CVE-2024-0397, CVE-2024-4032, CVE-2024-6923, CVE-2026-1299
Type: security
Severity: Important
Release date: 2026-05-01 09:04:19 UTC
Description:
* SECURITY UPDATE: email BytesGenerator header injection
  - debian/patches/CVE-2026-1299.patch: combined backport of gh-121650 (CVE-2024-6923) and gh-144125 (CVE-2026-1299) that adds email.errors.HeaderWriteError, the policy.verify_generated_headers attribute, and the verify-on-write check for both Generator and BytesGenerator, preventing CRLF/LF header injection through custom fold().
  - CVE-2026-1299
* SECURITY UPDATE: ssl.SSLContext memory race in cert_store_stats / get_ca_certs
  - debian/patches/CVE-2024-0397.patch: backport the X509_STORE_get1_objects shim and the x509_object_dup helper from cpython 3.8.20 (29c97287d2). The two affected impl functions in Modules/_ssl.c (cert_store_stats / get_ca_certs) now take a deep-copy snapshot of the X509_STORE under X509_STORE_lock(), preventing the use-after-free that occurred when certificates were loaded concurrently from another thread.
  - CVE-2024-0397
* SECURITY UPDATE: ipaddress is_private/is_global misclassification
  - debian/patches/CVE-2024-4032.patch: backport cpython 3.8.20 fix 895f7e2ac2 (gh-113171). Adds the _IPv4Constants._private_networks_exceptions list (192.0.0.9/32, 192.0.0.10/32) and the IPv6 equivalents (2001:1::1/128, 2001:1::2/128, 2001:3::/32, 2001:4:112::/48, 2001:20::/28, 2001:30::/28). Expands 192.0.0.0/29 to /24, adds 64:ff9b:1::/48 and 2002::/16 to the IPv6 _private_networks list, and updates is_private to filter against the exceptions list and use ipv4_mapped semantics on IPv6.
  - CVE-2024-4032
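
Added example, not part of the advisory or of the CloudLinux/CPython patch: a small model of the is_private rule described in the CVE-2024-4032 entry, which can be compared against the running interpreter after the update. The sample addresses are constructed, the names PRIVATE, EXCEPTIONS, SAMPLES, expected_private and audit_interpreter are hypothetical, and the parent range 2001::/23 is taken from upstream CPython rather than from this page.

```python
import ipaddress

# Ranges named in the advisory's CVE-2024-4032 entry, plus 2001::/23 from
# upstream CPython (assumption: not on the page) so the IPv6 exceptions have
# a parent range. This is deliberately not the full stdlib list.
PRIVATE = [ipaddress.ip_network(n) for n in (
    "192.0.0.0/24", "64:ff9b:1::/48", "2002::/16", "2001::/23")]
EXCEPTIONS = [ipaddress.ip_network(n) for n in (
    "192.0.0.9/32", "192.0.0.10/32", "2001:1::1/128", "2001:1::2/128",
    "2001:3::/32", "2001:4:112::/48", "2001:20::/28", "2001:30::/28")]

# Constructed sample addresses whose classification the patch decides.
SAMPLES = ("192.0.0.100", "192.0.0.9", "192.0.0.10", "2001:1::1",
           "2001:20::1", "2002::1", "64:ff9b:1::1", "::ffff:192.0.0.9")


def expected_private(text):
    """Classify an address the way the advisory describes the patched is_private."""
    addr = ipaddress.ip_address(text)
    # ipv4_mapped semantics: judge ::ffff:a.b.c.d by the embedded IPv4 address.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    in_private = any(addr in net for net in PRIVATE)
    in_exception = any(addr in net for net in EXCEPTIONS)
    return in_private and not in_exception


def audit_interpreter(samples=SAMPLES):
    """Return the samples where this interpreter's ipaddress disagrees with the model."""
    return [s for s in samples
            if ipaddress.ip_address(s).is_private != expected_private(s)]


if __name__ == "__main__":
    stale = audit_interpreter()
    print("ipaddress matches patched behaviour" if not stale
          else "unpatched classification for: " + ", ".join(stale))
```

An empty result from audit_interpreter() means the interpreter classifies every sample as the patched lists require; any address it returns is still being classified by the old lists.
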
Updated packages:
  • alt-python37_3.7.17-17_amd64.deb
    sha:dad976bc0da7c1452eec4de68d6fc8700cf3177e
  • alt-python37-debug_3.7.17-17_amd64.deb
    sha:c5799ba85032751d9e9cc7cce8fa6a93951e669a
  • alt-python37-devel_3.7.17-17_amd64.deb
    sha:07e97f2488cdbfd6b6e89c066d1bfb34d41c0d92
  • alt-python37-libs_3.7.17-17_amd64.deb
    sha:d5f30f7a86e43531cc88490947583cc48b8330d5
  • alt-python37-test_3.7.17-17_amd64.deb
    sha:1b5b29469deddc5cfc44203287b319f0a5e23cb5
  • alt-python37-tkinter_3.7.17-17_amd64.deb
    sha:74565b2f62d920bbc0e93b147d9285c5f36cede0
  • alt-python37-tools_3.7.17-17_amd64.deb
    sha:8b8918a6b9230773a309751f83849eb0c905187c
  • alt-python37_3.7.17-17_arm64.deb
    sha:caa5bea684a009ce82f977d6bb04bcaaaeb80b01
  • alt-python37-debug_3.7.17-17_arm64.deb
    sha:1d2dc84e11eb9faa79ae01dfa9849f65943f1754
  • alt-python37-devel_3.7.17-17_arm64.deb
    sha:1279e0e789293c5f2ac5e7a6ed0c6c3f00a2e702
  • alt-python37-libs_3.7.17-17_arm64.deb
    sha:aceaae9b87e8c92d1ba9126150c695758d07bd58
  • alt-python37-test_3.7.17-17_arm64.deb
    sha:513213880db94cc519dffaad0681ba662546907f
  • alt-python37-tkinter_3.7.17-17_arm64.deb
    sha:5da6c0b24923d7962ae96f33b98c13ea69a7c61f
  • alt-python37-tools_3.7.17-17_arm64.deb
    sha:7049707fd950ea4fda9e5a2f06322cecb518b607
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.