SUSE-SU-2016:2653-1: moderate: Security update for python3
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Oct 26 10:25:39 MDT 2016
SUSE Security Update: Security update for python3
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2653-1
Rating: moderate
References: #951166 #983582 #984751 #985177 #985348 #989523
#991069
Cross-References: CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636
CVE-2016-5699
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that solves four vulnerabilities and has three
fixes is now available.
Description:
This update provides Python 3.4.5, which brings many fixes and
enhancements.
The following security issues have been fixed:
- CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY
environment variable based on user supplied Proxy request header.
(bsc#989523)
- CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM
attacker to perform a startTLS stripping attack. (bsc#984751)
- CVE-2016-5636: A heap overflow in Python's zipimport module. (bsc#985177)
- CVE-2016-5699: A header injection flaw in
urrlib2/urllib/httplib/http.client. (bsc#985348)
The update also includes the following non-security fixes:
- Don't force 3rd party C extensions to be built with
-Werror=declaration-after-statement. (bsc#951166)
- Make urllib proxy var handling behave as usual on POSIX. (bsc#983582)
For a comprehensive list of changes please refer to the upstream change
log: https://docs.python.org/3.4/whatsnew/changelog.html
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1558=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1558=1
- SUSE Linux Enterprise Module for Web Scripting 12:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1558=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1558=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
python3-base-debuginfo-3.4.5-17.1
python3-base-debugsource-3.4.5-17.1
python3-devel-3.4.5-17.1
python3-devel-debuginfo-3.4.5-17.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
libpython3_4m1_0-3.4.5-17.1
libpython3_4m1_0-debuginfo-3.4.5-17.1
python3-3.4.5-17.1
python3-base-3.4.5-17.1
python3-base-debuginfo-3.4.5-17.1
python3-base-debugsource-3.4.5-17.1
python3-debuginfo-3.4.5-17.1
python3-debugsource-3.4.5-17.1
- SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64):
libpython3_4m1_0-3.4.5-17.1
libpython3_4m1_0-debuginfo-3.4.5-17.1
python3-3.4.5-17.1
python3-base-3.4.5-17.1
python3-base-debuginfo-3.4.5-17.1
python3-base-debugsource-3.4.5-17.1
python3-debuginfo-3.4.5-17.1
python3-debugsource-3.4.5-17.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
libpython3_4m1_0-3.4.5-17.1
libpython3_4m1_0-debuginfo-3.4.5-17.1
python3-3.4.5-17.1
python3-base-3.4.5-17.1
python3-base-debuginfo-3.4.5-17.1
python3-base-debugsource-3.4.5-17.1
python3-debuginfo-3.4.5-17.1
python3-debugsource-3.4.5-17.1
References:
https://www.suse.com/security/cve/CVE-2016-0772.html
https://www.suse.com/security/cve/CVE-2016-1000110.html
https://www.suse.com/security/cve/CVE-2016-5636.html
https://www.suse.com/security/cve/CVE-2016-5699.html
https://bugzilla.suse.com/951166
https://bugzilla.suse.com/983582
https://bugzilla.suse.com/984751
https://bugzilla.suse.com/985177
https://bugzilla.suse.com/985348
https://bugzilla.suse.com/989523
https://bugzilla.suse.com/991069
More information about the sle-security-updates
mailing list