openSUSE Security Update: python: update to 2.7.6
______________________________________________________________________________
Announcement ID:    openSUSE-SU-2014:0380-1
Rating:             moderate
References:         #637176 #831442 #856835 #856836 #857470 #863741
Cross-References:   CVE-2013-1752 CVE-2013-1753 CVE-2013-4238 CVE-2014-1912
Affected Products:  openSUSE 13.1
______________________________________________________________________________
An update that solves four vulnerabilities and has two fixes is now available.
Description:
Python was updated to 2.7.6 to fix bugs and security issues:
   * bugfix-only release
   * SSL-related fixes
   * upstream fix for CVE-2013-4238
   * upstream fixes for CVE-2013-1752

   - added patches for CVE-2013-1752 (bnc#856836) issues that are missing in 2.7.6:
     python-2.7.6-imaplib.patch
     python-2.7.6-poplib.patch
     smtplib_maxline-2.7.patch
   - CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client: xmlrpc_gzip_27.patch
   - python-2.7.6-bdist-rpm.patch: fix broken "setup.py bdist_rpm" command (bnc#857470, issue18045)
   - multilib patch: add "~/.local/lib64" paths to search path (bnc#637176)
   - CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow in socket.recvfrom_into (CVE-2014-1912, bnc#863741)
   - Add Obsoletes/Provides for python-ctypes.
   - reintroduce audioop.so as the problems with it seem to be fixed (bnc#831442)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-213
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
      libpython2_7-1_0-2.7.6-8.6.1
      libpython2_7-1_0-debuginfo-2.7.6-8.6.1
      python-2.7.6-8.6.1
      python-base-2.7.6-8.6.1
      python-base-debuginfo-2.7.6-8.6.1
      python-base-debugsource-2.7.6-8.6.1
      python-curses-2.7.6-8.6.1
      python-curses-debuginfo-2.7.6-8.6.1
      python-debuginfo-2.7.6-8.6.1
      python-debugsource-2.7.6-8.6.1
      python-demo-2.7.6-8.6.1
      python-devel-2.7.6-8.6.1
      python-gdbm-2.7.6-8.6.1
      python-gdbm-debuginfo-2.7.6-8.6.1
      python-idle-2.7.6-8.6.1
      python-tk-2.7.6-8.6.1
      python-tk-debuginfo-2.7.6-8.6.1
      python-xml-2.7.6-8.6.1
      python-xml-debuginfo-2.7.6-8.6.1
- openSUSE 13.1 (x86_64):
      libpython2_7-1_0-32bit-2.7.6-8.6.1
      libpython2_7-1_0-debuginfo-32bit-2.7.6-8.6.1
      python-32bit-2.7.6-8.6.1
      python-base-32bit-2.7.6-8.6.1
      python-base-debuginfo-32bit-2.7.6-8.6.1
      python-debuginfo-32bit-2.7.6-8.6.1
- openSUSE 13.1 (noarch):
      python-doc-2.7.6-8.6.1
      python-doc-pdf-2.7.6-8.6.1
References:
   http://support.novell.com/security/cve/CVE-2013-1752.html
   http://support.novell.com/security/cve/CVE-2013-1753.html
   http://support.novell.com/security/cve/CVE-2013-4238.html
   http://support.novell.com/security/cve/CVE-2014-1912.html
   https://bugzilla.novell.com/637176
   https://bugzilla.novell.com/831442
   https://bugzilla.novell.com/856835
   https://bugzilla.novell.com/856836
   https://bugzilla.novell.com/857470
   https://bugzilla.novell.com/863741