SUSE-SU-2015:1344-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20151344-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1344-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:1344-1
Related
Published
2015-06-30T13:56:32Z
Modified
2015-06-30T13:56:32Z
Summary
Security update for python
Details

This update to python 2.7.9 fixes the following issues: * python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64

From the version update to 2.7.9: * contains full backport of ssl module from Python 3.4 (PEP466) * HTTPS certificate validation enabled by default (PEP476) * SSLv3 disabled by default (bnc#901715) * backported ensurepip module (PEP477) * fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753 * dropped upstreamed patches: python-2.7.6-poplib.patch, smtplibmaxline-2.7.patch, xmlrpcgzip27.patch * dropped patch python-2.7.3-sslcapath.patch because we don't need it with ssl module from Python 3 * libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well * python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional 'import ssl' from testurllib2_localnet that caused it to fail without ssl

  • skip testthread in qemulinux_user mode

From the version update to 2.7.8: * fixes CVE-2014-4650 directory traversal in CGIHTTPServer * fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer()

Also the DH parameters were increased to 2048 bit to fix logjam security issue (bsc#935856)

References

Affected packages

SUSE:Linux Enterprise Desktop 12 / python

Package

Name
python
Purl
purl:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.9-14.1

Ecosystem specific

{
    "binaries": [
        {
            "python-curses": "2.7.9-14.1",
            "python": "2.7.9-14.1",
            "libpython2_7-1_0": "2.7.9-14.1",
            "python-devel": "2.7.9-14.1",
            "libpython2_7-1_0-32bit": "2.7.9-14.1",
            "python-base": "2.7.9-14.1",
            "python-tk": "2.7.9-14.1",
            "python-xml": "2.7.9-14.1"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 / python-base

Package

Name
python-base
Purl
purl:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.9-14.1

Ecosystem specific

{
    "binaries": [
        {
            "python-curses": "2.7.9-14.1",
            "python": "2.7.9-14.1",
            "libpython2_7-1_0": "2.7.9-14.1",
            "python-devel": "2.7.9-14.1",
            "libpython2_7-1_0-32bit": "2.7.9-14.1",
            "python-base": "2.7.9-14.1",
            "python-tk": "2.7.9-14.1",
            "python-xml": "2.7.9-14.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 / python-base

Package

Name
python-base
Purl
purl:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.9-14.1

Ecosystem specific

{
    "binaries": [
        {
            "python-devel": "2.7.9-14.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / python

Package

Name
python
Purl
purl:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.9-14.1

Ecosystem specific

{
    "binaries": [
        {
            "python-32bit": "2.7.9-14.1",
            "python-base-32bit": "2.7.9-14.1",
            "python-idle": "2.7.9-14.1",
            "libpython2_7-1_0-32bit": "2.7.9-14.1",
            "python-base": "2.7.9-14.1",
            "python-xml": "2.7.9-14.1",
            "python-doc": "2.7.9-14.3",
            "python": "2.7.9-14.1",
            "libpython2_7-1_0": "2.7.9-14.1",
            "python-doc-pdf": "2.7.9-14.3",
            "python-demo": "2.7.9-14.1",
            "python-tk": "2.7.9-14.1",
            "python-gdbm": "2.7.9-14.1",
            "python-curses": "2.7.9-14.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / python-base

Package

Name
python-base
Purl
purl:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.9-14.1

Ecosystem specific

{
    "binaries": [
        {
            "python-32bit": "2.7.9-14.1",
            "python-base-32bit": "2.7.9-14.1",
            "python-idle": "2.7.9-14.1",
            "libpython2_7-1_0-32bit": "2.7.9-14.1",
            "python-base": "2.7.9-14.1",
            "python-xml": "2.7.9-14.1",
            "python-doc": "2.7.9-14.3",
            "python": "2.7.9-14.1",
            "libpython2_7-1_0": "2.7.9-14.1",
            "python-doc-pdf": "2.7.9-14.3",
            "python-demo": "2.7.9-14.1",
            "python-tk": "2.7.9-14.1",
            "python-gdbm": "2.7.9-14.1",
            "python-curses": "2.7.9-14.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / python-doc

Package

Name
python-doc
Purl
purl:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.9-14.3

Ecosystem specific

{
    "binaries": [
        {
            "python-32bit": "2.7.9-14.1",
            "python-base-32bit": "2.7.9-14.1",
            "python-idle": "2.7.9-14.1",
            "libpython2_7-1_0-32bit": "2.7.9-14.1",
            "python-base": "2.7.9-14.1",
            "python-xml": "2.7.9-14.1",
            "python-doc": "2.7.9-14.3",
            "python": "2.7.9-14.1",
            "libpython2_7-1_0": "2.7.9-14.1",
            "python-doc-pdf": "2.7.9-14.3",
            "python-demo": "2.7.9-14.1",
            "python-tk": "2.7.9-14.1",
            "python-gdbm": "2.7.9-14.1",
            "python-curses": "2.7.9-14.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / python

Package

Name
python
Purl
purl:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.9-14.1

Ecosystem specific

{
    "binaries": [
        {
            "python-32bit": "2.7.9-14.1",
            "python-base-32bit": "2.7.9-14.1",
            "python-idle": "2.7.9-14.1",
            "libpython2_7-1_0-32bit": "2.7.9-14.1",
            "python-base": "2.7.9-14.1",
            "python-xml": "2.7.9-14.1",
            "python-doc": "2.7.9-14.3",
            "python": "2.7.9-14.1",
            "libpython2_7-1_0": "2.7.9-14.1",
            "python-doc-pdf": "2.7.9-14.3",
            "python-demo": "2.7.9-14.1",
            "python-tk": "2.7.9-14.1",
            "python-gdbm": "2.7.9-14.1",
            "python-curses": "2.7.9-14.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / python-base

Package

Name
python-base
Purl
purl:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.9-14.1

Ecosystem specific

{
    "binaries": [
        {
            "python-32bit": "2.7.9-14.1",
            "python-base-32bit": "2.7.9-14.1",
            "python-idle": "2.7.9-14.1",
            "libpython2_7-1_0-32bit": "2.7.9-14.1",
            "python-base": "2.7.9-14.1",
            "python-xml": "2.7.9-14.1",
            "python-doc": "2.7.9-14.3",
            "python": "2.7.9-14.1",
            "libpython2_7-1_0": "2.7.9-14.1",
            "python-doc-pdf": "2.7.9-14.3",
            "python-demo": "2.7.9-14.1",
            "python-tk": "2.7.9-14.1",
            "python-gdbm": "2.7.9-14.1",
            "python-curses": "2.7.9-14.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / python-doc

Package

Name
python-doc
Purl
purl:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.9-14.3

Ecosystem specific

{
    "binaries": [
        {
            "python-32bit": "2.7.9-14.1",
            "python-base-32bit": "2.7.9-14.1",
            "python-idle": "2.7.9-14.1",
            "libpython2_7-1_0-32bit": "2.7.9-14.1",
            "python-base": "2.7.9-14.1",
            "python-xml": "2.7.9-14.1",
            "python-doc": "2.7.9-14.3",
            "python": "2.7.9-14.1",
            "libpython2_7-1_0": "2.7.9-14.1",
            "python-doc-pdf": "2.7.9-14.3",
            "python-demo": "2.7.9-14.1",
            "python-tk": "2.7.9-14.1",
            "python-gdbm": "2.7.9-14.1",
            "python-curses": "2.7.9-14.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 12 / python-base

Package

Name
python-base
Purl
purl:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.9-14.1

Ecosystem specific

{
    "binaries": [
        {
            "python-devel": "2.7.9-14.1"
        }
    ]
}