Release date:
2026-05-01 12:06:34 UTC
Description:
- CVE-2026-1299: email.BytesGenerator now refuses to serialize headers
that are unsafely folded or contain unfolded newlines, closing a
header-injection bypass of CVE-2024-6923 (also includes the
CVE-2024-6923 prerequisite hardening of the string Generator)
- CVE-2024-0397: ssl.SSLContext.cert_store_stats() and get_ca_certs()
now correctly lock the certificate store via a backported
X509_STORE_get1_objects shim, fixing a memory race when an
SSLContext is shared across threads
- CVE-2024-4032: ipaddress is_private/is_global now classify addresses
per the IANA special-purpose registries (192.0.0.0/24 with 192.0.0.9
and 192.0.0.10 exceptions, 64:ff9b:1::/48, 2002::/16, and the
2001::/23 sub-range exceptions)
Updated packages:
- alt-python36-3.6.15-22.el10.x86_64.rpm
sha:64fb1feaa46243300073450ed80acddf18e6870b325a94fee84b176e06deaade
- alt-python36-debug-3.6.15-22.el10.x86_64.rpm
sha:194235b2c80bd2d16ad83ee03b87d831d046ed2b2cc129ac06a30853f9c1874b
- alt-python36-devel-3.6.15-22.el10.x86_64.rpm
sha:5a1fc0d2bcce75b3392a36b20d366705655f55f1c393597c38c88a75bde7270f
- alt-python36-libs-3.6.15-22.el10.x86_64.rpm
sha:44a71333978b01300ae90736896fe29dd89579f3411b5960b89f3157e3b95fb6
- alt-python36-test-3.6.15-22.el10.x86_64.rpm
sha:b45f6492ee337ac81bbce59055493c5f28b677fd22b814c68b31eb0c95e58ad2
- alt-python36-tkinter-3.6.15-22.el10.x86_64.rpm
sha:4788d8722765de328fa593b6186f5b2afda8de7d35c46471a24e684fc6c73da9
- alt-python36-tools-3.6.15-22.el10.x86_64.rpm
sha:34d409ed9688d4a0952bc7479ed92a4c6e1a6c875be2cc928a042e15bc6c9ee9
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.