Описание
Security update for python36-pip
This update for python36-pip fixes the following issues:
- CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
python36-pip-20.2.4-8.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
python36-pip-20.2.4-8.9.1
Ссылки
- Link for SUSE-SU-2022:0060-1
- E-Mail link for SUSE-SU-2022:0060-1
- SUSE Security Ratings
- SUSE Bug 1186819
- SUSE CVE CVE-2021-3572 page
Описание
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:python36-pip-20.2.4-8.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-pip-20.2.4-8.9.1
Ссылки
- CVE-2021-3572
- SUSE Bug 1186819