Описание
Security update for python-pip
This update for python-pip fixes the following issues:
- Add wheel subpackage with the generated wheel for this package (bsc#1176262, CVE-2019-20916).
- Make wheel a separate build run to avoid the setuptools/wheel build cycle.
Список пакетов
Image SLES12-SP4-Azure-BYOS
python3-pip-10.0.1-13.3.1
Image SLES12-SP4-SAP-Azure
python3-pip-10.0.1-13.3.1
Image SLES12-SP4-SAP-Azure-BYOS
python3-pip-10.0.1-13.3.1
Image SLES12-SP5-Azure-BYOS
python3-pip-10.0.1-13.3.1
Image SLES12-SP5-Azure-Basic-On-Demand
python3-pip-10.0.1-13.3.1
Image SLES12-SP5-Azure-HPC-BYOS
python3-pip-10.0.1-13.3.1
Image SLES12-SP5-Azure-HPC-On-Demand
python3-pip-10.0.1-13.3.1
Image SLES12-SP5-Azure-SAP-BYOS
python3-pip-10.0.1-13.3.1
Image SLES12-SP5-Azure-SAP-On-Demand
python3-pip-10.0.1-13.3.1
Image SLES12-SP5-Azure-Standard-On-Demand
python3-pip-10.0.1-13.3.1
SUSE Linux Enterprise Module for Public Cloud 12
python-pip-10.0.1-13.3.1
python3-pip-10.0.1-13.3.1
SUSE OpenStack Cloud 7
python-pip-10.0.1-13.3.1
Ссылки
- Link for SUSE-SU-2020:3599-1
- E-Mail link for SUSE-SU-2020:3599-1
- SUSE Security Ratings
- SUSE Bug 1176262
- SUSE CVE CVE-2019-20916 page
Описание
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
Затронутые продукты
Image SLES12-SP4-Azure-BYOS:python3-pip-10.0.1-13.3.1
Image SLES12-SP4-SAP-Azure-BYOS:python3-pip-10.0.1-13.3.1
Image SLES12-SP4-SAP-Azure:python3-pip-10.0.1-13.3.1
Image SLES12-SP5-Azure-BYOS:python3-pip-10.0.1-13.3.1
Ссылки
- CVE-2019-20916
- SUSE Bug 1176262