[CLSA-2026:1777391712] Fix CVE(s): CVE-2024-0450, CVE-2026-6100

Type:

security

Severity:

Critical

Release date:

2026-04-28 15:55:18 UTC

Description:

   * SECURITY UPDATE: zipfile quoted-overlap zip bomb
     - debian/patches/CVE-2024-0450.patch: raise BadZipFile when an
       archive entry overlaps with another entry or the central
       directory, preventing quoted-overlap zip bombs with extreme
       compression ratios.
     - CVE-2024-0450
   * SECURITY UPDATE: use-after-free in lzma/bz2 decompressors
     - debian/patches/CVE-2026-6100.patch: null next_in at the error:
       label of decompress() in Modules/_bz2module.c and
       Modules/_lzmamodule.c so the decompressor cannot be re-used
       with a stale buffer pointer after a MemoryError.
     - CVE-2026-6100

Updated packages:

alt-python36_3.6.15-30_amd64.deb
sha:bd93a2ef3857b02b8653092d73ee5c95937c79f8
alt-python36-debug_3.6.15-30_amd64.deb
sha:4bfc964dd5e1f3618ef118d69d6305cfc171ff1f
alt-python36-devel_3.6.15-30_amd64.deb
sha:b747312c985b184358047d58f46c1b4c3adde341
alt-python36-libs_3.6.15-30_amd64.deb
sha:6df54f63a4be59fd9af4a328f4714a2a2df0216b
alt-python36-test_3.6.15-30_amd64.deb
sha:fbdbfa809b699447b51c7fc4eb7f6931358e3642
alt-python36-tkinter_3.6.15-30_amd64.deb
sha:4d0a37fe4f5a8d0d30623fa3bd9952679feb1374
alt-python36-tools_3.6.15-30_amd64.deb
sha:a225412da5a4070b25c2c2eee57a4ebc8d36d76c

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.