Security update for python3
Announcement ID: | SUSE-SU-2016:2653-1 |
---|---|
Rating: | moderate |
An update that solves four vulnerabilities and has three security fixes can now be installed.
Description:
This update provides Python 3.4.5, which brings many fixes and enhancements.
The following security issues have been fixed:
- CVE-2016-1000110: CGIHandler could have allowed the HTTP_PROXY environment variable to be set from a user-supplied Proxy request header. (bsc#989523)
- CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751)
- CVE-2016-5636: A heap overflow in Python's zipimport module. (bsc#985177)
- CVE-2016-5699: A header injection flaw in urllib2/urllib/httplib/http.client. (bsc#985348)
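After installing the update, the interpreter itself can be checked for two of these fixes. The script below is an added example, not code from SUSE or from CPython; the sample values are constructed, and the CVE-2016-1000110 check assumes the fix takes the upstream CPython form, in which urllib ignores HTTP_PROXY whenever REQUEST_METHOD is set in the environment.

```python
import http.client
import os
import urllib.request
from unittest import mock

# Constructed sample values, not taken from the advisory.
CRLF_VALUE = "ok\r\nX-Injected: 1"
PROXY_VALUE = "http://proxy.invalid:3128"


def rejects_header_value(value):
    """True if http.client refuses to emit `value` as a header value."""
    # Nothing is sent on the wire: the request is only buffered until endheaders().
    conn = http.client.HTTPConnection("localhost")
    conn.putrequest("GET", "/")
    try:
        conn.putheader("X-Test", value)
    except ValueError:
        return True
    return False


def cgi_ignores_http_proxy():
    """True if urllib drops HTTP_PROXY when the process looks like a CGI script."""
    # A web server running a CGI script maps a "Proxy:" request header to HTTP_PROXY.
    cgi_env = {"REQUEST_METHOD": "GET", "HTTP_PROXY": PROXY_VALUE}
    with mock.patch.dict(os.environ, cgi_env, clear=True):
        return "http" not in urllib.request.getproxies_environment()


def run_checks():
    """Map each CVE to True when the running interpreter shows the fixed behaviour."""
    return {
        # CR/LF must be rejected, while an ordinary value must still be accepted.
        "CVE-2016-5699": rejects_header_value(CRLF_VALUE)
        and not rejects_header_value("ok"),
        "CVE-2016-1000110": cgi_ignores_http_proxy(),
    }


if __name__ == "__main__":
    for cve, fixed in run_checks().items():
        print(cve, "fixed" if fixed else "NOT fixed")
```

Run it with the system python3 that the update replaced; a "NOT fixed" line means that interpreter still shows the pre-update behaviour.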
The update also includes the following non-security fixes:
- Don't force 3rd party C extensions to be built with -Werror=declaration-after-statement. (bsc#951166)
- Make urllib proxy var handling behave as usual on POSIX. (bsc#983582)
For a comprehensive list of changes please refer to the upstream change log: https://docs.python.org/3.4/whatsnew/changelog.html
Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 12 SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1558=1
- Web and Scripting Module 12:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1558=1
- SUSE Linux Enterprise Software Development Kit 12 SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1558=1
- SUSE Linux Enterprise Server for SAP Applications 12 SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1558=1
- SUSE Linux Enterprise Server 12 SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1558=1
Package List:
- SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
  - python3-base-debuginfo-3.4.5-17.1
  - libpython3_4m1_0-debuginfo-3.4.5-17.1
  - python3-debugsource-3.4.5-17.1
  - libpython3_4m1_0-3.4.5-17.1
  - python3-base-3.4.5-17.1
  - python3-3.4.5-17.1
  - python3-base-debugsource-3.4.5-17.1
  - python3-debuginfo-3.4.5-17.1
- Web and Scripting Module 12 (ppc64le s390x x86_64)
  - python3-base-debuginfo-3.4.5-17.1
  - libpython3_4m1_0-debuginfo-3.4.5-17.1
  - python3-debugsource-3.4.5-17.1
  - libpython3_4m1_0-3.4.5-17.1
  - python3-base-3.4.5-17.1
  - python3-3.4.5-17.1
  - python3-base-debugsource-3.4.5-17.1
  - python3-debuginfo-3.4.5-17.1
- SUSE Linux Enterprise Software Development Kit 12 SP1 (ppc64le s390x x86_64)
  - python3-base-debuginfo-3.4.5-17.1
  - python3-devel-3.4.5-17.1
  - python3-base-debugsource-3.4.5-17.1
  - python3-devel-debuginfo-3.4.5-17.1
- SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
  - python3-base-debuginfo-3.4.5-17.1
  - libpython3_4m1_0-debuginfo-3.4.5-17.1
  - python3-debugsource-3.4.5-17.1
  - libpython3_4m1_0-3.4.5-17.1
  - python3-base-3.4.5-17.1
  - python3-3.4.5-17.1
  - python3-base-debugsource-3.4.5-17.1
  - python3-debuginfo-3.4.5-17.1
- SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
  - python3-base-debuginfo-3.4.5-17.1
  - libpython3_4m1_0-debuginfo-3.4.5-17.1
  - python3-debugsource-3.4.5-17.1
  - libpython3_4m1_0-3.4.5-17.1
  - python3-base-3.4.5-17.1
  - python3-3.4.5-17.1
  - python3-base-debugsource-3.4.5-17.1
  - python3-debuginfo-3.4.5-17.1
References:
- https://www.suse.com/security/cve/CVE-2016-0772.html
- https://www.suse.com/security/cve/CVE-2016-1000110.html
- https://www.suse.com/security/cve/CVE-2016-5636.html
- https://www.suse.com/security/cve/CVE-2016-5699.html
- https://bugzilla.suse.com/show_bug.cgi?id=951166
- https://bugzilla.suse.com/show_bug.cgi?id=983582
- https://bugzilla.suse.com/show_bug.cgi?id=984751
- https://bugzilla.suse.com/show_bug.cgi?id=985177
- https://bugzilla.suse.com/show_bug.cgi?id=985348
- https://bugzilla.suse.com/show_bug.cgi?id=989523
- https://bugzilla.suse.com/show_bug.cgi?id=991069