SUSE-SU-2024:0892-1

Published: 14 Mar 2024
Source: suse-cvrf

Description

Security update for python36-pip

This update for python36-pip fixes the following issues:

  • CVE-2023-5752: Fixed possible injection of arbitrary configuration through Mercurial parameter. (bsc#1217353)

Package list

SUSE Linux Enterprise Server 12 SP5
python36-pip-20.2.4-8.15.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
python36-pip-20.2.4-8.15.1

Description

When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options into the "hg clone" call (i.e. "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who are not installing from Mercurial.
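The root cause described above is argument injection: a user-controlled revision string that begins with "-" is handed to "hg clone" as a separate argv token, so Mercurial parses it as an option. The following is an added example (not pip's code and not the SUSE fix) showing one defensive way to build such a command: reject option-like revisions with an allowlist and pass the revision as a single "--rev=<rev>" token. The allowlist pattern and the simplified "hg+<url>@<rev>" splitting are assumptions for illustration.

```python
import re
from typing import List, Optional, Tuple

# Constructed example, not pip's implementation. A revision we accept is a hex
# changeset id or a tag/bookmark/branch name built from "safe" characters.
# Anything starting with "-" is rejected because hg would parse it as an
# option (for example "--config") rather than as a revision.
_SAFE_REV = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/+-]*$")


def is_safe_revision(rev: str) -> bool:
    """Return True if rev cannot be mistaken for an hg command-line option."""
    return bool(rev) and not rev.startswith("-") and _SAFE_REV.match(rev) is not None


def build_hg_clone_argv(url: str, dest: str, rev: Optional[str] = None) -> List[str]:
    """Build the argv for 'hg clone', passing the revision as one '--rev=<rev>' token.

    Using the '--rev=<value>' form (rather than '--rev', '<value>') means the value
    can never become a new option, and the allowlist check rejects it before that.
    """
    if rev is not None and not is_safe_revision(rev):
        raise ValueError(f"refusing option-like or malformed revision: {rev!r}")
    argv = ["hg", "clone"]
    if rev is not None:
        argv.append(f"--rev={rev}")
    argv += [url, dest]
    return argv  # run with subprocess.run(argv) (list form, shell=False)


def split_vcs_requirement(req: str) -> Tuple[str, Optional[str]]:
    """Split 'hg+https://host/repo@rev' into (url, rev); rev is None when absent.

    Simplified assumption: only an '@' in the last path segment marks a revision,
    so an '@' inside URL userinfo is left alone.
    """
    if not req.startswith("hg+"):
        raise ValueError("not a Mercurial requirement")
    url = req[len("hg+"):]
    if "@" in url.rsplit("/", 1)[-1]:
        url, _, rev = url.rpartition("@")
        return url, rev
    return url, None
```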


Affected products
SUSE Linux Enterprise Server 12 SP5:python36-pip-20.2.4-8.15.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-pip-20.2.4-8.15.1
