Описание
Security update for python-pip
This update for python-pip fixes the following issues:
- CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819).
Список пакетов
Container bci/python:3
python3-pip-20.0.2-6.15.1
Container trento/trento-runner:latest
python3-pip-20.0.2-6.15.1
Image SLES15-SP1-Azure-BYOS
python3-pip-20.0.2-6.15.1
Image SLES15-SP1-Azure-HPC-BYOS
python3-pip-20.0.2-6.15.1
Image SLES15-SP1-SAP-Azure
python3-pip-20.0.2-6.15.1
Image SLES15-SP1-SAP-Azure-BYOS
python3-pip-20.0.2-6.15.1
Image SLES15-SP1-SAPCAL-Azure
python3-pip-20.0.2-6.15.1
Image SLES15-SP2-BYOS-Azure
python3-pip-20.0.2-6.15.1
Image SLES15-SP2-HPC-BYOS-Azure
python3-pip-20.0.2-6.15.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
python3-pip-20.0.2-6.15.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
python3-pip-20.0.2-6.15.1
Image SLES15-SP2-SAP-Azure
python3-pip-20.0.2-6.15.1
Image SLES15-SP2-SAP-BYOS-Azure
python3-pip-20.0.2-6.15.1
Image SLES15-SP3-BYOS-Azure
python3-pip-20.0.2-6.15.1
Image SLES15-SP3-HPC-Azure
python3-pip-20.0.2-6.15.1
Image SLES15-SP3-HPC-BYOS-Azure
python3-pip-20.0.2-6.15.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
python3-pip-20.0.2-6.15.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
python3-pip-20.0.2-6.15.1
Image SLES15-SP3-SAP-Azure
python3-pip-20.0.2-6.15.1
Image SLES15-SP3-SAP-BYOS-Azure
python3-pip-20.0.2-6.15.1
Image SLES15-SP3-SAPCAL-Azure
python3-pip-20.0.2-6.15.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
python3-pip-20.0.2-6.15.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
python3-pip-20.0.2-6.15.1
SUSE Linux Enterprise Module for Python 2 15 SP2
python2-pip-20.0.2-6.15.1
SUSE Linux Enterprise Module for Python 2 15 SP3
python2-pip-20.0.2-6.15.1
Ссылки
- Link for SUSE-SU-2021:4001-1
- E-Mail link for SUSE-SU-2021:4001-1
- SUSE Security Ratings
- SUSE Bug 1186819
- SUSE CVE CVE-2021-3572 page
Описание
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
Затронутые продукты
Container bci/python:3:python3-pip-20.0.2-6.15.1
Container trento/trento-runner:latest:python3-pip-20.0.2-6.15.1
Image SLES15-SP1-Azure-BYOS:python3-pip-20.0.2-6.15.1
Image SLES15-SP1-Azure-HPC-BYOS:python3-pip-20.0.2-6.15.1
Ссылки
- CVE-2021-3572
- SUSE Bug 1186819