Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:0516-2

Опубликовано: 24 фев. 2023
Источник: suse-cvrf

Описание

Security update for python-pip

This update for python-pip fixes the following issues:

  • Add wheel subpackage with the generated wheel for this package (bsc#1176262, CVE-2019-20916).

  • Make wheel a separate build run to avoid the setuptools/wheel build cycle.

  • Switch this package to use update-alternatives for all files in %{_bindir} so it doesn't collide with the versions on 'the latest' versions of Python interpreter (jsc#SLE-18038, bsc#1195831).

Список пакетов

SUSE Enterprise Storage 6
python2-pip-20.0.2-150100.6.18.1
python3-pip-20.0.2-150100.6.18.1
python3-pip-wheel-20.0.2-150100.6.18.1
SUSE Enterprise Storage 7
python2-pip-20.0.2-150100.6.18.1
python3-pip-20.0.2-150100.6.18.1
python3-pip-wheel-20.0.2-150100.6.18.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
python2-pip-20.0.2-150100.6.18.1
python3-pip-20.0.2-150100.6.18.1
python3-pip-wheel-20.0.2-150100.6.18.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
python2-pip-20.0.2-150100.6.18.1
python3-pip-20.0.2-150100.6.18.1
python3-pip-wheel-20.0.2-150100.6.18.1
SUSE Linux Enterprise Server 15 SP1-LTSS
python2-pip-20.0.2-150100.6.18.1
python3-pip-20.0.2-150100.6.18.1
python3-pip-wheel-20.0.2-150100.6.18.1
SUSE Linux Enterprise Server 15 SP2-LTSS
python2-pip-20.0.2-150100.6.18.1
python3-pip-20.0.2-150100.6.18.1
python3-pip-wheel-20.0.2-150100.6.18.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
python2-pip-20.0.2-150100.6.18.1
python3-pip-20.0.2-150100.6.18.1
python3-pip-wheel-20.0.2-150100.6.18.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
python2-pip-20.0.2-150100.6.18.1
python3-pip-20.0.2-150100.6.18.1
python3-pip-wheel-20.0.2-150100.6.18.1

Ссылки

Описание

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

Затронутые продукты
SUSE Enterprise Storage 6:python2-pip-20.0.2-150100.6.18.1
SUSE Enterprise Storage 6:python3-pip-20.0.2-150100.6.18.1
SUSE Enterprise Storage 6:python3-pip-wheel-20.0.2-150100.6.18.1
SUSE Enterprise Storage 7:python2-pip-20.0.2-150100.6.18.1
Ссылки