SUSE-SU-2016:2859-1 -- SLES libpython3_4m1_0, python3
ID: oval:org.secpod.oval:def:89045272 | Date: (C)2021-08-03 (M)2024-04-17
Class: PATCH | Family: unix
This update provides Python 3.4.5, which brings many fixes and enhancements.

The following security issues have been fixed:
- CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user-supplied Proxy request header.
- CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack.
- CVE-2016-5636: A heap overflow in Python's zipimport module.
- CVE-2016-5699: A header injection flaw in urllib2/urllib/httplib/http.client.

The update also includes the following non-security fixes:
- Don't force 3rd party C extensions to be built with -Werror=declaration-after-statement.
- Make urllib proxy var handling behave as usual on POSIX.

For a comprehensive list of changes please refer to the upstream change log: https://docs.python.org/3.4/whatsnew/changelog.html
Platform: SUSE Linux Enterprise Server 12 SP2
Product: libpython3_4m1_0, python3