Описание
Security update for python-virtualenv
This update for python-virtualenv fixes the following issues:
- CVE-2024-53899: Fixed a command injection through activation scripts (bsc#1233706)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
python311-virtualenv-20.22.0-150400.9.6.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
python311-virtualenv-20.22.0-150400.9.6.1
SUSE Linux Enterprise Module for Python 3 15 SP5
python311-virtualenv-20.22.0-150400.9.6.1
SUSE Linux Enterprise Module for Python 3 15 SP6
python311-virtualenv-20.22.0-150400.9.6.1
SUSE Linux Enterprise Server 15 SP4-LTSS
python311-virtualenv-20.22.0-150400.9.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
python311-virtualenv-20.22.0-150400.9.6.1
openSUSE Leap 15.5
python311-virtualenv-20.22.0-150400.9.6.1
openSUSE Leap 15.6
python311-virtualenv-20.22.0-150400.9.6.1
Ссылки
- Link for SUSE-SU-2024:4093-1
- E-Mail link for SUSE-SU-2024:4093-1
- SUSE Security Ratings
- SUSE Bug 1233706
- SUSE CVE CVE-2024-53899 page
Описание
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-virtualenv-20.22.0-150400.9.6.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-virtualenv-20.22.0-150400.9.6.1
SUSE Linux Enterprise Module for Python 3 15 SP5:python311-virtualenv-20.22.0-150400.9.6.1
SUSE Linux Enterprise Module for Python 3 15 SP6:python311-virtualenv-20.22.0-150400.9.6.1
Ссылки
- CVE-2024-53899
- SUSE Bug 1233706