SUSE-SU-2017:0569-1: moderate: Security update for python-pysaml2

sle-updates at sle-updates at
Mon Feb 27 10:10:20 MST 2017

   SUSE Security Update: Security update for python-pysaml2

Announcement ID:    SUSE-SU-2017:0569-1
Rating:             moderate
References:         #1019074 
Cross-References:   CVE-2016-10127 CVE-2016-10149
Affected Products:
                    SUSE OpenStack Cloud 6

   An update that fixes two vulnerabilities is now available.


   This update for python-pysaml2 fixes the following issues:

   - CVE-2016-10127 and CVE-2016-10149: XXE (XML external entity) issues were
     fixed in python-pysaml2, where external requests to other XML content
     could be made by parsing XML files using this SAML2 library.

     To fix this bug, the new dependency python-defusedxml was added and is
   used for sanitizing XML content.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-298=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 6 (noarch):



More information about the sle-updates mailing list