Описание
ELSA-2023-6694: python-pip security update (MODERATE)
[21.2.3-7]
- Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706) Resolves: RHBZ#2207997
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
python3-pip
21.2.3-7.el9
python3-pip-wheel
21.2.3-7.el9
Oracle Linux x86_64
python3-pip
21.2.3-7.el9
python3-pip-wheel
21.2.3-7.el9
Связанные CVE
Связанные уязвимости
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Directory traversal vulnerability in the (1) extract and (2) extractal ...