[CLSA-2026:1778613293] Fix CVE(s): CVE-2026-3446
Type:
security
Severity:
Moderate
Release date:
2026-05-14 08:40:30 UTC
Description:
* SECURITY UPDATE: binascii.a2b_base64 / base64.b64decode stop decoding after the first padded quad, silently dropping any excess data. The behaviour can lead to data being accepted that other implementations process differently. - debian/patches/CVE-2026-3446.patch: backport of upstream commits 4561f6418a (main), e31c55121620 (3.14), 1f9958f909c1 (3.13). Treats the pad character as non-alphabet data per RFC 4648 section 3.3: the loop in binascii_a2b_base64_impl no longer breaks out on a pad sequence; a `pads` counter is added so post-loop validation still raises "Incorrect padding" / "Invalid base64-encoded string" for inputs that do not satisfy `quad_pos + pads == 4`. The unused `binascii_find_valid` helper is removed. - CVE-2026-3446
Updated packages:
  • alt-python37_3.7.17-18_amd64.deb
    sha:482c4f1e52fabbab171c64624fdc6222c8914c7b
  • alt-python37-debug_3.7.17-18_amd64.deb
    sha:fc9329789f512991fe1be1a39125511be854a40f
  • alt-python37-devel_3.7.17-18_amd64.deb
    sha:18f068d45bee2739337499c8173668558faaf42f
  • alt-python37-libs_3.7.17-18_amd64.deb
    sha:ca2780aa5410061b490dd99320af86c8cc34be01
  • alt-python37-test_3.7.17-18_amd64.deb
    sha:97432838d904f4302c49731ba58cfabe4ca20acb
  • alt-python37-tkinter_3.7.17-18_amd64.deb
    sha:8acd3a0cd36f4e960eee3ab9d2d4317864b84cf4
  • alt-python37-tools_3.7.17-18_amd64.deb
    sha:99da49ab37395aa7fc738e3af13d2ad5937416d0
  • alt-python37_3.7.17-18_arm64.deb
    sha:41acb60352d40ec72e70302a6affff94fc87427f
  • alt-python37-debug_3.7.17-18_arm64.deb
    sha:1be2f15153b4f806b669b5220c4d35decfd84e23
  • alt-python37-devel_3.7.17-18_arm64.deb
    sha:3c32fee540031247276c197c80deb680ba72cf9c
  • alt-python37-libs_3.7.17-18_arm64.deb
    sha:ec5343ba67ea8759183ca2b5ea759f09e54a70d2
  • alt-python37-test_3.7.17-18_arm64.deb
    sha:fa94d0b664d386878494baabc2b72cabbe785298
  • alt-python37-tkinter_3.7.17-18_arm64.deb
    sha:ba40ed751df606e2e6a47c3d25da51d70a96e5c7
  • alt-python37-tools_3.7.17-18_arm64.deb
    sha:e22f42528536f3b26ae8f98ab9111b8b36d0fcac
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.