SUSE-SU-2024:3156-1

Опубликовано: 06 сент. 2024

Источник: suse-cvrf

Описание

Security update for python312-pip

This update for python312-pip fixes the following issues:

CVE-2023-5752: Avoiding injection of arbitrary configuration through Mercurial parameter. (bsc#1217353)

Список пакетов

Container bci/python:latest

python312-pip-23.2.1-150600.3.3.1

SUSE Linux Enterprise Module for Python 3 15 SP6

python312-pip-23.2.1-150600.3.3.1

openSUSE Leap 15.6

python312-pip-23.2.1-150600.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20243156-1/
Link for SUSE-SU-2024:3156-1
https://lists.suse.com/pipermail/sle-updates/2024-September/036807.html
E-Mail link for SUSE-SU-2024:3156-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1217353
SUSE Bug 1217353
https://www.suse.com/security/cve/CVE-2023-5752/
SUSE CVE CVE-2023-5752 page

Описание

When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.

Затронутые продукты

Container bci/python:latest:python312-pip-23.2.1-150600.3.3.1

SUSE Linux Enterprise Module for Python 3 15 SP6:python312-pip-23.2.1-150600.3.3.1

openSUSE Leap 15.6:python312-pip-23.2.1-150600.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-5752.html
CVE-2023-5752
https://bugzilla.suse.com/1217353
SUSE Bug 1217353

SUSE-SU-2024:3156-1

Описание

Список пакетов

Container bci/python:latest

SUSE Linux Enterprise Module for Python 3 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2023-5752

Описание

Затронутые продукты

Ссылки