[CLSA-2026:1778192926] Fix CVE(s): CVE-2026-3446
Type:
security
Severity:
Moderate
Release date:
2026-05-13 14:23:41 UTC
Description:
* SECURITY UPDATE: binascii.a2b_base64 / base64.b64decode stop decoding after the first padded quad, silently dropping any excess data. The behaviour can lead to data being accepted that other implementations process differently. - debian/patches/CVE-2026-3446.patch: backport of upstream commits 4561f6418a (main), e31c55121620 (3.14), 1f9958f909c1 (3.13). Treats the pad character as non-alphabet data per RFC 4648 section 3.3: the loop in binascii_a2b_base64_impl no longer breaks out on a pad sequence; a `pads` counter is added so post-loop validation still raises "Incorrect padding" for inputs that do not satisfy `quad_pos + pads == 4`. The unused `binascii_find_valid` helper is removed. - CVE-2026-3446
Updated packages:
  • alt-python36_3.6.15-32_amd64.deb
    sha:a6e102f7edc601009ced98ce9ee1f4c6c773d50e
  • alt-python36-debug_3.6.15-32_amd64.deb
    sha:88090496caee3e3de0625d26dd48929941dc61fc
  • alt-python36-devel_3.6.15-32_amd64.deb
    sha:d62aec42bf7b111a0b60f16152e4aca486643caa
  • alt-python36-libs_3.6.15-32_amd64.deb
    sha:e9d30c9b56f01457f2bed77f0c88a442c8b3cda1
  • alt-python36-test_3.6.15-32_amd64.deb
    sha:4eb962d0279e562f32afe001711863bf761e3408
  • alt-python36-tkinter_3.6.15-32_amd64.deb
    sha:c666e5eb1e93884a34b9a6de607d7c81eeaa3099
  • alt-python36-tools_3.6.15-32_amd64.deb
    sha:4e52e0088b84d20653900b70dd90e04c5d9c0710
  • alt-python36_3.6.15-32_arm64.deb
    sha:29aee37d9559e08da35391f03d324e4ec6c03ac5
  • alt-python36-debug_3.6.15-32_arm64.deb
    sha:ffc2dc7e6e427404544677668440cd2e503686ec
  • alt-python36-devel_3.6.15-32_arm64.deb
    sha:f82e3b6e20c7e5c8c1838d4f0efa94c6078620ba
  • alt-python36-libs_3.6.15-32_arm64.deb
    sha:764c1ab2dafd681574af91229a7bcdc094576cdd
  • alt-python36-test_3.6.15-32_arm64.deb
    sha:f8f77f469100e411faf288c34e60bdbe49fcec38
  • alt-python36-tkinter_3.6.15-32_arm64.deb
    sha:913493dc7d081dbffc68da1d6662ba391c98a8a3
  • alt-python36-tools_3.6.15-32_arm64.deb
    sha:bff535f061152ea30b498a2d4ed1abb8b1771087
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.