05-22-2017 08:13 AM - edited 05-22-2017 08:18 AM
According to the README, this does indeed fix the CVE-2017-5689 vulnerability on xx30 systems.
This page states the update shouldn't have been available until 5/29/2017, but if the README is correct then it looks like it was released earlier, because that is indeed the correct CVE number (plus, you can compare it to the other released updates on that page which state they fix the same thing).
The version number (126.96.36.19908) also matches up between the links for fixes on that page and the version you linked.
However, this update does NOT show up when scanning for updates using the Lenovo website, and isn't found with Service Bridge.
Was it perhaps accidentally uploaded or posted early?