Security update for python
Python was updated to fix three security issues.
The following vulnerabilities were fixed:
- CVE-2016-0772: TLS stripping attack on smtplib (bsc#984751)
- CVE-2016-5636: zipimporter heap overflow (bsc#985177)
- CVE-2016-5699: httplib header injection (bsc#985348)
This update also includes all upstream bug fixes and improvements in Python 2.7.12.
It also includes the following packaging changes:
- reintroduce support for CA directory path
The following tracked packaging issues were fixed:
- broken overflow checks (bsc#964182)
- Submitted by Jan Matejek (matejcik)
Fixed bugs
bnc#984751
VUL-1: CVE-2016-0772: python,python3: smtplib StartTLS stripping attack
bnc#985177
VUL-1: CVE-2016-5636: python3,python: Heap overflow in zipimporter module
bnc#985348
VUL-0: CVE-2016-5699: python,python3: http protocol steam injection attack
bnc#964182
python has multiple bogus integer overflow checks