Mailinglist Archive: opensuse-updates (127 mails)

< Previous Next >
openSUSE-SU-2016:2120-1: moderate: Security update for python3
openSUSE Security Update: Security update for python3
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:2120-1
Rating: moderate
References: #935856 #951166 #983582 #984751 #985177 #985348
#989523
Cross-References: CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110
CVE-2016-5636 CVE-2016-5699
Affected Products:
openSUSE Leap 42.1
openSUSE 13.2
______________________________________________________________________________

An update that solves 5 vulnerabilities and has two fixes
is now available.

Description:


This update for python3 fixes the following issues:

- apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable
based on user supplied Proxy request header (fixes boo#989523,
CVE-2016-1000110)

- update to 3.4.5 check:
https://docs.python.org/3.4/whatsnew/changelog.html (fixes boo#984751,
CVE-2016-0772) (fixes boo#985177, CVE-2016-5636) (fixes boo#985348,
CVE-2016-5699)


- Bump DH parameters to 2048 bit to fix logjam security issue. boo#935856


- apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable
based on user supplied Proxy request header: (fixes boo#989523,
CVE-2016-1000110)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-997=1

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-997=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.1 (i586 x86_64):

libpython3_4m1_0-3.4.5-8.1
libpython3_4m1_0-debuginfo-3.4.5-8.1
python3-3.4.5-8.1
python3-base-3.4.5-8.1
python3-base-debuginfo-3.4.5-8.1
python3-base-debugsource-3.4.5-8.1
python3-curses-3.4.5-8.1
python3-curses-debuginfo-3.4.5-8.1
python3-dbm-3.4.5-8.1
python3-dbm-debuginfo-3.4.5-8.1
python3-debuginfo-3.4.5-8.1
python3-debugsource-3.4.5-8.1
python3-devel-3.4.5-8.1
python3-devel-debuginfo-3.4.5-8.1
python3-idle-3.4.5-8.1
python3-testsuite-3.4.5-8.1
python3-testsuite-debuginfo-3.4.5-8.1
python3-tk-3.4.5-8.1
python3-tk-debuginfo-3.4.5-8.1
python3-tools-3.4.5-8.1

- openSUSE Leap 42.1 (x86_64):

libpython3_4m1_0-32bit-3.4.5-8.1
libpython3_4m1_0-debuginfo-32bit-3.4.5-8.1
python3-32bit-3.4.5-8.1
python3-base-32bit-3.4.5-8.1
python3-base-debuginfo-32bit-3.4.5-8.1
python3-debuginfo-32bit-3.4.5-8.1

- openSUSE Leap 42.1 (noarch):

python3-doc-3.4.5-8.1
python3-doc-pdf-3.4.5-8.1

- openSUSE 13.2 (i586 x86_64):

libpython3_4m1_0-3.4.5-4.4.1
libpython3_4m1_0-debuginfo-3.4.5-4.4.1
python3-3.4.5-4.4.1
python3-base-3.4.5-4.4.1
python3-base-debuginfo-3.4.5-4.4.1
python3-base-debugsource-3.4.5-4.4.1
python3-curses-3.4.5-4.4.1
python3-curses-debuginfo-3.4.5-4.4.1
python3-dbm-3.4.5-4.4.1
python3-dbm-debuginfo-3.4.5-4.4.1
python3-debuginfo-3.4.5-4.4.1
python3-debugsource-3.4.5-4.4.1
python3-devel-3.4.5-4.4.1
python3-devel-debuginfo-3.4.5-4.4.1
python3-idle-3.4.5-4.4.1
python3-testsuite-3.4.5-4.4.1
python3-testsuite-debuginfo-3.4.5-4.4.1
python3-tk-3.4.5-4.4.1
python3-tk-debuginfo-3.4.5-4.4.1
python3-tools-3.4.5-4.4.1

- openSUSE 13.2 (noarch):

python3-doc-3.4.5-4.4.1
python3-doc-pdf-3.4.5-4.4.1

- openSUSE 13.2 (x86_64):

libpython3_4m1_0-32bit-3.4.5-4.4.1
libpython3_4m1_0-debuginfo-32bit-3.4.5-4.4.1
python3-32bit-3.4.5-4.4.1
python3-base-32bit-3.4.5-4.4.1
python3-base-debuginfo-32bit-3.4.5-4.4.1
python3-debuginfo-32bit-3.4.5-4.4.1


References:

https://www.suse.com/security/cve/CVE-2014-4650.html
https://www.suse.com/security/cve/CVE-2016-0772.html
https://www.suse.com/security/cve/CVE-2016-1000110.html
https://www.suse.com/security/cve/CVE-2016-5636.html
https://www.suse.com/security/cve/CVE-2016-5699.html
https://bugzilla.suse.com/935856
https://bugzilla.suse.com/951166
https://bugzilla.suse.com/983582
https://bugzilla.suse.com/984751
https://bugzilla.suse.com/985177
https://bugzilla.suse.com/985348
https://bugzilla.suse.com/989523


< Previous Next >
This Thread
  • No further messages