Описание
Security update for python-pip
This update for python-pip fixes the following issues:
- CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter (bsc#1217353).
Список пакетов
Container bci/python:latest
python311-pip-22.3.1-150400.17.12.1
Container containers/python:3.11
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP4-BYOS-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP4-HPC-BYOS
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP4-HPC-BYOS-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP4-Hardened-BYOS-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP4-SAP
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP4-SAP-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP4-SAP-BYOS-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP4-SAP-Hardened
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP4-SAP-Hardened-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP4-SAPCAL
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP4-SAPCAL-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP5-Azure-3P
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP5-Azure-Basic
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP5-Azure-Standard
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP5-BYOS-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP5-HPC-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP5-HPC-BYOS-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP5-Hardened-BYOS-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP5-SAP-Azure-3P
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP5-SAP-BYOS-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP5-SAP-Hardened-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP5-SAPCAL-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP6-Azure-Basic
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP6-Azure-Standard
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP6-BYOS-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP6-HPC
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP6-HPC-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP6-HPC-BYOS-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP6-Hardened-BYOS-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP6-SAP-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP6-SAP-BYOS-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP6-SAP-Hardened
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP6-SAP-Hardened-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP6-SAPCAL-Azure
python311-pip-22.3.1-150400.17.12.1
SUSE Linux Enterprise Module for Python 3 15 SP4
python311-pip-22.3.1-150400.17.12.1
SUSE Linux Enterprise Module for Python 3 15 SP5
python311-pip-22.3.1-150400.17.12.1
openSUSE Leap 15.4
python311-pip-22.3.1-150400.17.12.1
openSUSE Leap 15.5
python311-pip-22.3.1-150400.17.12.1
Ссылки
- Link for SUSE-SU-2023:4988-1
- E-Mail link for SUSE-SU-2023:4988-1
- SUSE Security Ratings
- SUSE Bug 1217353
- SUSE CVE CVE-2023-5752 page
Описание
When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.
Затронутые продукты
Container bci/python:latest:python311-pip-22.3.1-150400.17.12.1
Container containers/python:3.11:python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP4-BYOS-Azure:python311-pip-22.3.1-150400.17.12.1
Image SLES15-SP4-HPC-BYOS-Azure:python311-pip-22.3.1-150400.17.12.1
Ссылки
- CVE-2023-5752
- SUSE Bug 1217353