Mailinglist Archive: opensuse-updates (99 mails)

< Previous Next >
openSUSE-SU-2016:1885-1: moderate: Security update for python
openSUSE Security Update: Security update for python
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:1885-1
Rating: moderate
References: #964182 #984751 #985177 #985348
Cross-References: CVE-2016-0772 CVE-2016-5636 CVE-2016-5699

Affected Products:
openSUSE Leap 42.1
openSUSE 13.2
______________________________________________________________________________

An update that solves three vulnerabilities and has one
errata is now available.

Description:

Python was updated to fix three security issues.

The following vulnerabilities were fixed:

- CVE-2016-0772: TLS stripping attack on smtplib (bsc#984751)
- CVE-2016-5636: zipimporter heap overflow (bsc#985177)
- CVE-2016-5699: httplib header injection (bsc#985348)

This update also includes all upstream bug fixes and improvements in
Python 2.7.12.

It also includes the following packaging changes:

- reintroduce support for CA directory path

The following tracked packaging issues were fixed:

- broken overflow checks (bsc#964182)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-906=1

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-906=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.1 (i586 x86_64):

libpython2_7-1_0-2.7.12-23.1
libpython2_7-1_0-debuginfo-2.7.12-23.1
python-2.7.12-23.1
python-base-2.7.12-23.1
python-base-debuginfo-2.7.12-23.1
python-base-debugsource-2.7.12-23.1
python-curses-2.7.12-23.1
python-curses-debuginfo-2.7.12-23.1
python-debuginfo-2.7.12-23.1
python-debugsource-2.7.12-23.1
python-demo-2.7.12-23.1
python-devel-2.7.12-23.1
python-gdbm-2.7.12-23.1
python-gdbm-debuginfo-2.7.12-23.1
python-idle-2.7.12-23.1
python-tk-2.7.12-23.1
python-tk-debuginfo-2.7.12-23.1
python-xml-2.7.12-23.1
python-xml-debuginfo-2.7.12-23.1

- openSUSE Leap 42.1 (noarch):

python-doc-2.7.12-23.1
python-doc-pdf-2.7.12-23.1

- openSUSE Leap 42.1 (x86_64):

libpython2_7-1_0-32bit-2.7.12-23.1
libpython2_7-1_0-debuginfo-32bit-2.7.12-23.1
python-32bit-2.7.12-23.1
python-base-32bit-2.7.12-23.1
python-base-debuginfo-32bit-2.7.12-23.1
python-debuginfo-32bit-2.7.12-23.1

- openSUSE 13.2 (i586 x86_64):

libpython2_7-1_0-2.7.12-3.1
libpython2_7-1_0-debuginfo-2.7.12-3.1
python-2.7.12-3.1
python-base-2.7.12-3.1
python-base-debuginfo-2.7.12-3.1
python-base-debugsource-2.7.12-3.1
python-curses-2.7.12-3.1
python-curses-debuginfo-2.7.12-3.1
python-debuginfo-2.7.12-3.1
python-debugsource-2.7.12-3.1
python-demo-2.7.12-3.1
python-devel-2.7.12-3.1
python-gdbm-2.7.12-3.1
python-gdbm-debuginfo-2.7.12-3.1
python-idle-2.7.12-3.1
python-tk-2.7.12-3.1
python-tk-debuginfo-2.7.12-3.1
python-xml-2.7.12-3.1
python-xml-debuginfo-2.7.12-3.1

- openSUSE 13.2 (noarch):

python-doc-2.7.12-3.1
python-doc-pdf-2.7.12-3.1

- openSUSE 13.2 (x86_64):

libpython2_7-1_0-32bit-2.7.12-3.1
libpython2_7-1_0-debuginfo-32bit-2.7.12-3.1
python-32bit-2.7.12-3.1
python-base-32bit-2.7.12-3.1
python-base-debuginfo-32bit-2.7.12-3.1
python-debuginfo-32bit-2.7.12-3.1


References:

https://www.suse.com/security/cve/CVE-2016-0772.html
https://www.suse.com/security/cve/CVE-2016-5636.html
https://www.suse.com/security/cve/CVE-2016-5699.html
https://bugzilla.suse.com/964182
https://bugzilla.suse.com/984751
https://bugzilla.suse.com/985177
https://bugzilla.suse.com/985348


< Previous Next >
This Thread
  • No further messages