Security update for python SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:2106-1 Final 1 1 2016-08-19T08:31:23Z current 2016-08-19T08:31:23Z 2016-08-19T08:31:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python This update for python fixes the following issues: - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) - CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177) - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348) - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP1-2016-1245,SUSE-SLE-SDK-12-SP1-2016-1245,SUSE-SLE-SERVER-12-SP1-2016-1245,SUSE-SLE-WE-12-SP1-2016-1245 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20162106-1/ Link for SUSE-SU-2016:2106-1 https://lists.suse.com/pipermail/sle-security-updates/2016-August/002219.html E-Mail link for SUSE-SU-2016:2106-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/984751 SUSE Bug 984751 https://bugzilla.suse.com/985177 SUSE Bug 985177 https://bugzilla.suse.com/985348 SUSE Bug 985348 https://bugzilla.suse.com/989523 SUSE Bug 989523 https://www.suse.com/security/cve/CVE-2016-0772/ SUSE CVE CVE-2016-0772 page https://www.suse.com/security/cve/CVE-2016-1000110/ SUSE CVE CVE-2016-1000110 page https://www.suse.com/security/cve/CVE-2016-5636/ SUSE CVE CVE-2016-5636 page https://www.suse.com/security/cve/CVE-2016-5699/ SUSE CVE CVE-2016-5699 page SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP1 libpython2_7-1_0-2.7.9-24.2 libpython2_7-1_0-32bit-2.7.9-24.2 python-2.7.9-24.1 python-base-2.7.9-24.2 python-curses-2.7.9-24.1 python-devel-2.7.9-24.2 python-tk-2.7.9-24.1 python-xml-2.7.9-24.2 python-32bit-2.7.9-24.1 python-base-32bit-2.7.9-24.2 python-demo-2.7.9-24.1 python-doc-2.7.9-24.4 python-doc-pdf-2.7.9-24.4 python-gdbm-2.7.9-24.1 python-idle-2.7.9-24.1 libpython2_7-1_0-2.7.9-24.2 as a component of SUSE Linux Enterprise Desktop 12 SP1 libpython2_7-1_0-32bit-2.7.9-24.2 as a component of SUSE Linux Enterprise Desktop 12 SP1 python-2.7.9-24.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 python-base-2.7.9-24.2 as a component of SUSE Linux Enterprise Desktop 12 SP1 python-curses-2.7.9-24.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 python-devel-2.7.9-24.2 as a component of SUSE Linux Enterprise Desktop 12 SP1 python-tk-2.7.9-24.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 python-xml-2.7.9-24.2 as a component of SUSE Linux Enterprise Desktop 12 SP1 libpython2_7-1_0-2.7.9-24.2 as a component of SUSE Linux Enterprise Server 12 SP1 libpython2_7-1_0-32bit-2.7.9-24.2 as a component of SUSE Linux Enterprise Server 12 SP1 python-2.7.9-24.1 as a component of SUSE Linux Enterprise Server 12 SP1 python-32bit-2.7.9-24.1 as a component of SUSE Linux Enterprise Server 12 SP1 python-base-2.7.9-24.2 as a component of SUSE Linux Enterprise Server 12 SP1 python-base-32bit-2.7.9-24.2 as a component of SUSE Linux Enterprise Server 12 SP1 python-curses-2.7.9-24.1 as a component of SUSE Linux Enterprise Server 12 SP1 python-demo-2.7.9-24.1 as a component of SUSE Linux Enterprise Server 12 SP1 python-doc-2.7.9-24.4 as a component of SUSE Linux Enterprise Server 12 SP1 python-doc-pdf-2.7.9-24.4 as a component of SUSE Linux Enterprise Server 12 SP1 python-gdbm-2.7.9-24.1 as a component of SUSE Linux Enterprise Server 12 SP1 python-idle-2.7.9-24.1 as a component of SUSE Linux Enterprise Server 12 SP1 python-tk-2.7.9-24.1 as a component of SUSE Linux Enterprise Server 12 SP1 python-xml-2.7.9-24.2 as a component of SUSE Linux Enterprise Server 12 SP1 libpython2_7-1_0-2.7.9-24.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libpython2_7-1_0-32bit-2.7.9-24.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 python-2.7.9-24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 python-32bit-2.7.9-24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 python-base-2.7.9-24.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 python-base-32bit-2.7.9-24.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 python-curses-2.7.9-24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 python-demo-2.7.9-24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 python-doc-2.7.9-24.4 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 python-doc-pdf-2.7.9-24.4 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 python-gdbm-2.7.9-24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 python-idle-2.7.9-24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 python-tk-2.7.9-24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 python-xml-2.7.9-24.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 python-devel-2.7.9-24.2 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 python-devel-2.7.9-24.2 as a component of SUSE Linux Enterprise Workstation Extension 12 SP1 The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." CVE-2016-0772 SUSE Linux Enterprise Desktop 12 SP1:libpython2_7-1_0-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:libpython2_7-1_0-32bit-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:python-2.7.9-24.1 SUSE Linux Enterprise Desktop 12 SP1:python-base-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:python-curses-2.7.9-24.1 SUSE Linux Enterprise Desktop 12 SP1:python-devel-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:python-tk-2.7.9-24.1 SUSE Linux Enterprise Desktop 12 SP1:python-xml-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:libpython2_7-1_0-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:libpython2_7-1_0-32bit-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:python-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-32bit-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-base-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:python-base-32bit-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:python-curses-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-demo-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-doc-2.7.9-24.4 SUSE Linux Enterprise Server 12 SP1:python-doc-pdf-2.7.9-24.4 SUSE Linux Enterprise Server 12 SP1:python-gdbm-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-idle-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-tk-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-xml-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpython2_7-1_0-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpython2_7-1_0-32bit-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-32bit-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-base-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-base-32bit-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-curses-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-demo-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-doc-2.7.9-24.4 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-doc-pdf-2.7.9-24.4 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-gdbm-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-idle-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-tk-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-xml-2.7.9-24.2 SUSE Linux Enterprise Software Development Kit 12 SP1:python-devel-2.7.9-24.2 SUSE Linux Enterprise Workstation Extension 12 SP1:python-devel-2.7.9-24.2 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162106-1/ https://www.suse.com/security/cve/CVE-2016-0772.html CVE-2016-0772 https://bugzilla.suse.com/984751 SUSE Bug 984751 The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. CVE-2016-1000110 SUSE Linux Enterprise Desktop 12 SP1:libpython2_7-1_0-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:libpython2_7-1_0-32bit-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:python-2.7.9-24.1 SUSE Linux Enterprise Desktop 12 SP1:python-base-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:python-curses-2.7.9-24.1 SUSE Linux Enterprise Desktop 12 SP1:python-devel-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:python-tk-2.7.9-24.1 SUSE Linux Enterprise Desktop 12 SP1:python-xml-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:libpython2_7-1_0-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:libpython2_7-1_0-32bit-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:python-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-32bit-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-base-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:python-base-32bit-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:python-curses-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-demo-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-doc-2.7.9-24.4 SUSE Linux Enterprise Server 12 SP1:python-doc-pdf-2.7.9-24.4 SUSE Linux Enterprise Server 12 SP1:python-gdbm-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-idle-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-tk-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-xml-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpython2_7-1_0-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpython2_7-1_0-32bit-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-32bit-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-base-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-base-32bit-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-curses-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-demo-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-doc-2.7.9-24.4 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-doc-pdf-2.7.9-24.4 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-gdbm-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-idle-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-tk-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-xml-2.7.9-24.2 SUSE Linux Enterprise Software Development Kit 12 SP1:python-devel-2.7.9-24.2 SUSE Linux Enterprise Workstation Extension 12 SP1:python-devel-2.7.9-24.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162106-1/ https://www.suse.com/security/cve/CVE-2016-1000110.html CVE-2016-1000110 https://bugzilla.suse.com/988484 SUSE Bug 988484 https://bugzilla.suse.com/989523 SUSE Bug 989523 Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. CVE-2016-5636 SUSE Linux Enterprise Desktop 12 SP1:libpython2_7-1_0-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:libpython2_7-1_0-32bit-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:python-2.7.9-24.1 SUSE Linux Enterprise Desktop 12 SP1:python-base-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:python-curses-2.7.9-24.1 SUSE Linux Enterprise Desktop 12 SP1:python-devel-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:python-tk-2.7.9-24.1 SUSE Linux Enterprise Desktop 12 SP1:python-xml-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:libpython2_7-1_0-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:libpython2_7-1_0-32bit-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:python-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-32bit-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-base-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:python-base-32bit-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:python-curses-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-demo-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-doc-2.7.9-24.4 SUSE Linux Enterprise Server 12 SP1:python-doc-pdf-2.7.9-24.4 SUSE Linux Enterprise Server 12 SP1:python-gdbm-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-idle-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-tk-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-xml-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpython2_7-1_0-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpython2_7-1_0-32bit-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-32bit-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-base-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-base-32bit-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-curses-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-demo-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-doc-2.7.9-24.4 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-doc-pdf-2.7.9-24.4 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-gdbm-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-idle-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-tk-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-xml-2.7.9-24.2 SUSE Linux Enterprise Software Development Kit 12 SP1:python-devel-2.7.9-24.2 SUSE Linux Enterprise Workstation Extension 12 SP1:python-devel-2.7.9-24.2 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162106-1/ https://www.suse.com/security/cve/CVE-2016-5636.html CVE-2016-5636 https://bugzilla.suse.com/1065451 SUSE Bug 1065451 https://bugzilla.suse.com/1106262 SUSE Bug 1106262 https://bugzilla.suse.com/985177 SUSE Bug 985177 CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. CVE-2016-5699 SUSE Linux Enterprise Desktop 12 SP1:libpython2_7-1_0-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:libpython2_7-1_0-32bit-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:python-2.7.9-24.1 SUSE Linux Enterprise Desktop 12 SP1:python-base-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:python-curses-2.7.9-24.1 SUSE Linux Enterprise Desktop 12 SP1:python-devel-2.7.9-24.2 SUSE Linux Enterprise Desktop 12 SP1:python-tk-2.7.9-24.1 SUSE Linux Enterprise Desktop 12 SP1:python-xml-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:libpython2_7-1_0-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:libpython2_7-1_0-32bit-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:python-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-32bit-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-base-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:python-base-32bit-2.7.9-24.2 SUSE Linux Enterprise Server 12 SP1:python-curses-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-demo-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-doc-2.7.9-24.4 SUSE Linux Enterprise Server 12 SP1:python-doc-pdf-2.7.9-24.4 SUSE Linux Enterprise Server 12 SP1:python-gdbm-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-idle-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-tk-2.7.9-24.1 SUSE Linux Enterprise Server 12 SP1:python-xml-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpython2_7-1_0-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libpython2_7-1_0-32bit-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-32bit-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-base-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-base-32bit-2.7.9-24.2 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-curses-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-demo-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-doc-2.7.9-24.4 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-doc-pdf-2.7.9-24.4 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-gdbm-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-idle-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-tk-2.7.9-24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-xml-2.7.9-24.2 SUSE Linux Enterprise Software Development Kit 12 SP1:python-devel-2.7.9-24.2 SUSE Linux Enterprise Workstation Extension 12 SP1:python-devel-2.7.9-24.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162106-1/ https://www.suse.com/security/cve/CVE-2016-5699.html CVE-2016-5699 https://bugzilla.suse.com/1122729 SUSE Bug 1122729 https://bugzilla.suse.com/1130840 SUSE Bug 1130840 https://bugzilla.suse.com/985348 SUSE Bug 985348 https://bugzilla.suse.com/985351 SUSE Bug 985351 https://bugzilla.suse.com/986630 SUSE Bug 986630