| Revision Date: | 2016-10-26 | Version: | 1 |
| Title: | Security update for python3 (Moderate) |
| Description: |
This update provides Python 3.4.5, which brings many fixes and enhancements.
The following security issues have been fixed:
- CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user supplied Proxy request header. (bsc#989523) - CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751) - CVE-2016-5636: A heap overflow in Python's zipimport module. (bsc#985177) - CVE-2016-5699: A header injection flaw in urrlib2/urllib/httplib/http.client. (bsc#985348)
The update also includes the following non-security fixes:
- Don't force 3rd party C extensions to be built with -Werror=declaration-after-statement. (bsc#951166) - Make urllib proxy var handling behave as usual on POSIX. (bsc#983582)
For a comprehensive list of changes please refer to the upstream change log: https://docs.python.org/3.4/whatsnew/changelog.html
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 951166
983582
984751
985177
985348
989523
991069
CVE-2016-0772
CVE-2016-1000110
CVE-2016-5636
CVE-2016-5699
SUSE-SU-2016:2653-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 12 SP1
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information
libpython3_4m1_0-3.4.5-17.1 is installed
OR python3-3.4.5-17.1 is installed
OR python3-base-3.4.5-17.1 is installed
|