openSUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2120-1 Rating: moderate References: #935856 #951166 #983582 #984751 #985177 #985348 #989523 Cross-References: CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 Affected Products: openSUSE Leap 42.1 openSUSE 13.2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This update for python3 fixes the following issues: - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user supplied Proxy request header (fixes boo#989523, CVE-2016-1000110) - update to 3.4.5 check: https://docs.python.org/3.4/whatsnew/changelog.html (fixes boo#984751, CVE-2016-0772) (fixes boo#985177, CVE-2016-5636) (fixes boo#985348, CVE-2016-5699) - Bump DH parameters to 2048 bit to fix logjam security issue. boo#935856 - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user supplied Proxy request header: (fixes boo#989523, CVE-2016-1000110) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-997=1 - openSUSE 13.2: zypper in -t patch openSUSE-2016-997=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): libpython3_4m1_0-3.4.5-8.1 libpython3_4m1_0-debuginfo-3.4.5-8.1 python3-3.4.5-8.1 python3-base-3.4.5-8.1 python3-base-debuginfo-3.4.5-8.1 python3-base-debugsource-3.4.5-8.1 python3-curses-3.4.5-8.1 python3-curses-debuginfo-3.4.5-8.1 python3-dbm-3.4.5-8.1 python3-dbm-debuginfo-3.4.5-8.1 python3-debuginfo-3.4.5-8.1 python3-debugsource-3.4.5-8.1 python3-devel-3.4.5-8.1 python3-devel-debuginfo-3.4.5-8.1 python3-idle-3.4.5-8.1 python3-testsuite-3.4.5-8.1 python3-testsuite-debuginfo-3.4.5-8.1 python3-tk-3.4.5-8.1 python3-tk-debuginfo-3.4.5-8.1 python3-tools-3.4.5-8.1 - openSUSE Leap 42.1 (x86_64): libpython3_4m1_0-32bit-3.4.5-8.1 libpython3_4m1_0-debuginfo-32bit-3.4.5-8.1 python3-32bit-3.4.5-8.1 python3-base-32bit-3.4.5-8.1 python3-base-debuginfo-32bit-3.4.5-8.1 python3-debuginfo-32bit-3.4.5-8.1 - openSUSE Leap 42.1 (noarch): python3-doc-3.4.5-8.1 python3-doc-pdf-3.4.5-8.1 - openSUSE 13.2 (i586 x86_64): libpython3_4m1_0-3.4.5-4.4.1 libpython3_4m1_0-debuginfo-3.4.5-4.4.1 python3-3.4.5-4.4.1 python3-base-3.4.5-4.4.1 python3-base-debuginfo-3.4.5-4.4.1 python3-base-debugsource-3.4.5-4.4.1 python3-curses-3.4.5-4.4.1 python3-curses-debuginfo-3.4.5-4.4.1 python3-dbm-3.4.5-4.4.1 python3-dbm-debuginfo-3.4.5-4.4.1 python3-debuginfo-3.4.5-4.4.1 python3-debugsource-3.4.5-4.4.1 python3-devel-3.4.5-4.4.1 python3-devel-debuginfo-3.4.5-4.4.1 python3-idle-3.4.5-4.4.1 python3-testsuite-3.4.5-4.4.1 python3-testsuite-debuginfo-3.4.5-4.4.1 python3-tk-3.4.5-4.4.1 python3-tk-debuginfo-3.4.5-4.4.1 python3-tools-3.4.5-4.4.1 - openSUSE 13.2 (noarch): python3-doc-3.4.5-4.4.1 python3-doc-pdf-3.4.5-4.4.1 - openSUSE 13.2 (x86_64): libpython3_4m1_0-32bit-3.4.5-4.4.1 libpython3_4m1_0-debuginfo-32bit-3.4.5-4.4.1 python3-32bit-3.4.5-4.4.1 python3-base-32bit-3.4.5-4.4.1 python3-base-debuginfo-32bit-3.4.5-4.4.1 python3-debuginfo-32bit-3.4.5-4.4.1 References: https://www.suse.com/security/cve/CVE-2014-4650.html https://www.suse.com/security/cve/CVE-2016-0772.html https://www.suse.com/security/cve/CVE-2016-1000110.html https://www.suse.com/security/cve/CVE-2016-5636.html https://www.suse.com/security/cve/CVE-2016-5699.html https://bugzilla.suse.com/935856 https://bugzilla.suse.com/951166 https://bugzilla.suse.com/983582 https://bugzilla.suse.com/984751 https://bugzilla.suse.com/985177 https://bugzilla.suse.com/985348 https://bugzilla.suse.com/989523