Security update for python SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:2270-1 Final 1 1 2016-09-09T06:13:10Z current 2016-09-09T06:13:10Z 2016-09-09T06:13:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python This update for python fixes the following issues: - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348) - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-python-12735,slessp4-python-12735 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20162270-1/ Link for SUSE-SU-2016:2270-1 https://lists.suse.com/pipermail/sle-security-updates/2016-September/002263.html E-Mail link for SUSE-SU-2016:2270-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/984751 SUSE Bug 984751 https://bugzilla.suse.com/985348 SUSE Bug 985348 https://bugzilla.suse.com/989523 SUSE Bug 989523 https://www.suse.com/security/cve/CVE-2016-0772/ SUSE CVE CVE-2016-0772 page https://www.suse.com/security/cve/CVE-2016-1000110/ SUSE CVE CVE-2016-1000110 page https://www.suse.com/security/cve/CVE-2016-5699/ SUSE CVE CVE-2016-5699 page SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 python-32bit-2.6.9-39.1 python-demo-2.6.9-39.1 python-devel-2.6.9-39.1 python-doc-2.6-8.39.1 python-doc-pdf-2.6-8.39.1 python-gdbm-2.6.9-39.1 python-idle-2.6.9-39.1 python-tk-2.6.9-39.1 libpython2_6-1_0-2.6.9-39.1 libpython2_6-1_0-32bit-2.6.9-39.1 libpython2_6-1_0-x86-2.6.9-39.1 python-2.6.9-39.1 python-base-2.6.9-39.1 python-base-32bit-2.6.9-39.1 python-base-x86-2.6.9-39.1 python-curses-2.6.9-39.1 python-x86-2.6.9-39.1 python-xml-2.6.9-39.1 libpython2_6-1_0-2.6.9-39.1 as a component of SUSE Linux Enterprise Server 11 SP4 libpython2_6-1_0-32bit-2.6.9-39.1 as a component of SUSE Linux Enterprise Server 11 SP4 libpython2_6-1_0-x86-2.6.9-39.1 as a component of SUSE Linux Enterprise Server 11 SP4 python-2.6.9-39.1 as a component of SUSE Linux Enterprise Server 11 SP4 python-32bit-2.6.9-39.1 as a component of SUSE Linux Enterprise Server 11 SP4 python-base-2.6.9-39.1 as a component of SUSE Linux Enterprise Server 11 SP4 python-base-32bit-2.6.9-39.1 as a component of SUSE Linux Enterprise Server 11 SP4 python-base-x86-2.6.9-39.1 as a component of SUSE Linux Enterprise Server 11 SP4 python-curses-2.6.9-39.1 as a component of SUSE Linux Enterprise Server 11 SP4 python-demo-2.6.9-39.1 as a component of SUSE Linux Enterprise Server 11 SP4 python-doc-2.6-8.39.1 as a component of SUSE Linux Enterprise Server 11 SP4 python-doc-pdf-2.6-8.39.1 as a component of SUSE Linux Enterprise Server 11 SP4 python-gdbm-2.6.9-39.1 as a component of SUSE Linux Enterprise Server 11 SP4 python-idle-2.6.9-39.1 as a component of SUSE Linux Enterprise Server 11 SP4 python-tk-2.6.9-39.1 as a component of SUSE Linux Enterprise Server 11 SP4 python-x86-2.6.9-39.1 as a component of SUSE Linux Enterprise Server 11 SP4 python-xml-2.6.9-39.1 as a component of SUSE Linux Enterprise Server 11 SP4 libpython2_6-1_0-2.6.9-39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libpython2_6-1_0-32bit-2.6.9-39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libpython2_6-1_0-x86-2.6.9-39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-2.6.9-39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-32bit-2.6.9-39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-base-2.6.9-39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-base-32bit-2.6.9-39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-base-x86-2.6.9-39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-curses-2.6.9-39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-demo-2.6.9-39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-doc-2.6-8.39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-doc-pdf-2.6-8.39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-gdbm-2.6.9-39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-idle-2.6.9-39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-tk-2.6.9-39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-x86-2.6.9-39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-xml-2.6.9-39.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-32bit-2.6.9-39.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 python-demo-2.6.9-39.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 python-devel-2.6.9-39.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 python-doc-2.6-8.39.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 python-doc-pdf-2.6-8.39.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 python-gdbm-2.6.9-39.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 python-idle-2.6.9-39.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 python-tk-2.6.9-39.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." CVE-2016-0772 SUSE Linux Enterprise Server 11 SP4:libpython2_6-1_0-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:libpython2_6-1_0-32bit-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:libpython2_6-1_0-x86-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-32bit-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-base-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-base-32bit-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-base-x86-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-curses-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-demo-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-doc-2.6-8.39.1 SUSE Linux Enterprise Server 11 SP4:python-doc-pdf-2.6-8.39.1 SUSE Linux Enterprise Server 11 SP4:python-gdbm-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-idle-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-tk-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-x86-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-xml-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpython2_6-1_0-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpython2_6-1_0-32bit-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpython2_6-1_0-x86-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-32bit-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-base-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-base-32bit-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-base-x86-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-curses-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-demo-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-doc-2.6-8.39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-doc-pdf-2.6-8.39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-gdbm-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-idle-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-tk-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-x86-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-xml-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-32bit-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-demo-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-devel-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-doc-2.6-8.39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-doc-pdf-2.6-8.39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-gdbm-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-idle-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-tk-2.6.9-39.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162270-1/ https://www.suse.com/security/cve/CVE-2016-0772.html CVE-2016-0772 https://bugzilla.suse.com/984751 SUSE Bug 984751 The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. CVE-2016-1000110 SUSE Linux Enterprise Server 11 SP4:libpython2_6-1_0-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:libpython2_6-1_0-32bit-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:libpython2_6-1_0-x86-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-32bit-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-base-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-base-32bit-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-base-x86-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-curses-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-demo-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-doc-2.6-8.39.1 SUSE Linux Enterprise Server 11 SP4:python-doc-pdf-2.6-8.39.1 SUSE Linux Enterprise Server 11 SP4:python-gdbm-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-idle-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-tk-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-x86-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-xml-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpython2_6-1_0-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpython2_6-1_0-32bit-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpython2_6-1_0-x86-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-32bit-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-base-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-base-32bit-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-base-x86-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-curses-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-demo-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-doc-2.6-8.39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-doc-pdf-2.6-8.39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-gdbm-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-idle-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-tk-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-x86-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-xml-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-32bit-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-demo-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-devel-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-doc-2.6-8.39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-doc-pdf-2.6-8.39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-gdbm-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-idle-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-tk-2.6.9-39.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162270-1/ https://www.suse.com/security/cve/CVE-2016-1000110.html CVE-2016-1000110 https://bugzilla.suse.com/988484 SUSE Bug 988484 https://bugzilla.suse.com/989523 SUSE Bug 989523 CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. CVE-2016-5699 SUSE Linux Enterprise Server 11 SP4:libpython2_6-1_0-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:libpython2_6-1_0-32bit-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:libpython2_6-1_0-x86-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-32bit-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-base-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-base-32bit-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-base-x86-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-curses-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-demo-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-doc-2.6-8.39.1 SUSE Linux Enterprise Server 11 SP4:python-doc-pdf-2.6-8.39.1 SUSE Linux Enterprise Server 11 SP4:python-gdbm-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-idle-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-tk-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-x86-2.6.9-39.1 SUSE Linux Enterprise Server 11 SP4:python-xml-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpython2_6-1_0-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpython2_6-1_0-32bit-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libpython2_6-1_0-x86-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-32bit-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-base-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-base-32bit-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-base-x86-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-curses-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-demo-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-doc-2.6-8.39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-doc-pdf-2.6-8.39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-gdbm-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-idle-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-tk-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-x86-2.6.9-39.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-xml-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-32bit-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-demo-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-devel-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-doc-2.6-8.39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-doc-pdf-2.6-8.39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-gdbm-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-idle-2.6.9-39.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-tk-2.6.9-39.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162270-1/ https://www.suse.com/security/cve/CVE-2016-5699.html CVE-2016-5699 https://bugzilla.suse.com/1122729 SUSE Bug 1122729 https://bugzilla.suse.com/1130840 SUSE Bug 1130840 https://bugzilla.suse.com/985348 SUSE Bug 985348 https://bugzilla.suse.com/985351 SUSE Bug 985351 https://bugzilla.suse.com/986630 SUSE Bug 986630