Mailinglist Archive: opensuse-updates (102 mails)

< Previous Next >
openSUSE-SU-2014:0380-1: moderate: python: update to 2.7.6
openSUSE Security Update: python: update to 2.7.6
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0380-1
Rating: moderate
References: #637176 #831442 #856835 #856836 #857470 #863741

Cross-References: CVE-2013-1752 CVE-2013-1753 CVE-2013-4238
CVE-2014-1912
Affected Products:
openSUSE 13.1
______________________________________________________________________________

An update that solves four vulnerabilities and has two
fixes is now available.

Description:


Python was updated to 2.7.6 to fix bugs and security issues:

* bugfix-only release
* SSL-related fixes
* upstream fix for CVE-2013-4238
* upstream fixes for CVE-2013-1752


- added patches for CVE-2013-1752 (bnc#856836) issues that
are missing in 2.7.6: python-2.7.6-imaplib.patch
python-2.7.6-poplib.patch smtplib_maxline-2.7.patch
- CVE-2013-1753 (bnc#856835) gzip decompression bomb in
xmlrpc client: xmlrpc_gzip_27.patch
- python-2.7.6-bdist-rpm.patch: fix broken "setup.py
bdist_rpm" command (bnc#857470, issue18045)
- multilib patch: add "~/.local/lib64" paths to search path
(bnc#637176)
- CVE-2014-1912-recvfrom_into.patch: fix potential buffer
overflow in socket.recvfrom_into (CVE-2014-1912,
bnc#863741)
- Add Obsoletes/Provides for python-ctypes.

- reintroduce audioop.so as the problems with it seem to be
fixed (bnc#831442)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-213

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

libpython2_7-1_0-2.7.6-8.6.1
libpython2_7-1_0-debuginfo-2.7.6-8.6.1
python-2.7.6-8.6.1
python-base-2.7.6-8.6.1
python-base-debuginfo-2.7.6-8.6.1
python-base-debugsource-2.7.6-8.6.1
python-curses-2.7.6-8.6.1
python-curses-debuginfo-2.7.6-8.6.1
python-debuginfo-2.7.6-8.6.1
python-debugsource-2.7.6-8.6.1
python-demo-2.7.6-8.6.1
python-devel-2.7.6-8.6.1
python-gdbm-2.7.6-8.6.1
python-gdbm-debuginfo-2.7.6-8.6.1
python-idle-2.7.6-8.6.1
python-tk-2.7.6-8.6.1
python-tk-debuginfo-2.7.6-8.6.1
python-xml-2.7.6-8.6.1
python-xml-debuginfo-2.7.6-8.6.1

- openSUSE 13.1 (x86_64):

libpython2_7-1_0-32bit-2.7.6-8.6.1
libpython2_7-1_0-debuginfo-32bit-2.7.6-8.6.1
python-32bit-2.7.6-8.6.1
python-base-32bit-2.7.6-8.6.1
python-base-debuginfo-32bit-2.7.6-8.6.1
python-debuginfo-32bit-2.7.6-8.6.1

- openSUSE 13.1 (noarch):

python-doc-2.7.6-8.6.1
python-doc-pdf-2.7.6-8.6.1


References:

http://support.novell.com/security/cve/CVE-2013-1752.html
http://support.novell.com/security/cve/CVE-2013-1753.html
http://support.novell.com/security/cve/CVE-2013-4238.html
http://support.novell.com/security/cve/CVE-2014-1912.html
https://bugzilla.novell.com/637176
https://bugzilla.novell.com/831442
https://bugzilla.novell.com/856835
https://bugzilla.novell.com/856836
https://bugzilla.novell.com/857470
https://bugzilla.novell.com/863741


< Previous Next >
This Thread
  • No further messages