Description
Feature implementation for python39-pip, python39-setuptools
This update for python39-pip, python39-setuptools fixes the following issues:
Changes in python39-setuptools:
- Provide python39-setuptools version 44.1.1 with vendored dependencies. (jsc#SLE-17532, jsc#SLE-17957)
Changes in python39-pip:
- Provide python39-pip version 20.2.4 with vendored dependencies. (jsc#SLE-17532, jsc#SLE-17957)
Package list
Container bci/python:3
Container containers/python:3.9
Image python_15_6
SUSE Linux Enterprise Module for Basesystem 15 SP3
References
- Link for SUSE-FU-2021:2130-1
- E-Mail link for SUSE-FU-2021:2130-1
- SUSE Security Ratings
- SUSE Bug 1176262
- SUSE Bug 1177127
- SUSE Bug 1187170
- SUSE Bug 428177
- SUSE Bug 842516
- SUSE Bug 913229
- SUSE Bug 930189
- SUSE Bug 993968
- SUSE CVE CVE-2013-5123 page
- SUSE CVE CVE-2014-8991 page
- SUSE CVE CVE-2015-2296 page
- SUSE CVE CVE-2019-20916 page
Description
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
Affected products
References
- CVE-2013-5123
- SUSE Bug 864406
Description
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
Affected products
References
- CVE-2014-8991
- SUSE Bug 907038
Description
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
Affected products
References
- CVE-2015-2296
- SUSE Bug 922448
- SUSE Bug 926396
Description
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
Affected products
References
- CVE-2019-20916
- SUSE Bug 1176262