Описание
Security update for python-pip
This update for python-pip fixes the following issues:
-
Add wheel subpackage with the generated wheel for this package (bsc#1176262, CVE-2019-20916).
-
Make wheel a separate build run to avoid the setuptools/wheel build cycle.
-
Switch this package to use update-alternatives for all files in %{_bindir} so it doesn't collide with the versions on 'the latest' versions of Python interpreter (jsc#SLE-18038, bsc#1195831).
Список пакетов
Container bci/python:3
python3-pip-20.0.2-150100.6.18.1
Container trento/trento-runner:latest
python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP1-Azure-BYOS
python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP1-Azure-HPC-BYOS
python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP1-SAP-Azure-BYOS
python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP1-SAPCAL-Azure
python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP2-BYOS-Azure
python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP2-HPC-BYOS-Azure
python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP2-SAP-Azure
python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP2-SAP-BYOS-Azure
python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP3-BYOS-Azure
python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP3-HPC-BYOS-Azure
python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP3-SAP-BYOS-Azure
python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP3-SAPCAL-Azure
python3-pip-20.0.2-150100.6.18.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
python3-pip-20.0.2-150100.6.18.1
SUSE Linux Enterprise Module for Python 2 15 SP3
python2-pip-20.0.2-150100.6.18.1
SUSE Linux Enterprise Real Time 15 SP2
python3-pip-20.0.2-150100.6.18.1
openSUSE Leap 15.3
python2-pip-20.0.2-150100.6.18.1
python3-pip-20.0.2-150100.6.18.1
openSUSE Leap 15.4
python2-pip-20.0.2-150100.6.18.1
Ссылки
- Link for SUSE-SU-2022:1454-1
- E-Mail link for SUSE-SU-2022:1454-1
- SUSE Security Ratings
- SUSE Bug 1176262
- SUSE Bug 1195831
- SUSE CVE CVE-2019-20916 page
Описание
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
Затронутые продукты
Container bci/python:3:python3-pip-20.0.2-150100.6.18.1
Container trento/trento-runner:latest:python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP1-Azure-BYOS:python3-pip-20.0.2-150100.6.18.1
Image SLES15-SP1-Azure-HPC-BYOS:python3-pip-20.0.2-150100.6.18.1
Ссылки
- CVE-2019-20916
- SUSE Bug 1176262