SUSE-SU-2024:4143-1

Опубликовано: 02 дек. 2024

Источник: suse-cvrf

Описание

Security update for python3-virtualenv

This update for python3-virtualenv fixes the following issues:

Security issue fixed:

CVE-2024-53899: Fixed a command injection through activation scripts (bsc#1233706)

Non-security issue fixed:

Relax version requirements that cannot be provided (bsc#1232072)

Список пакетов

SUSE Linux Enterprise Module for Development Tools 15 SP6

python3-virtualenv-20.17.1-150600.3.5.1

openSUSE Leap 15.6

python3-virtualenv-20.17.1-150600.3.5.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20244143-1/
Link for SUSE-SU-2024:4143-1
https://lists.suse.com/pipermail/sle-security-updates/2024-December/019895.html
E-Mail link for SUSE-SU-2024:4143-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1232072
SUSE Bug 1232072
https://bugzilla.suse.com/1233706
SUSE Bug 1233706
https://www.suse.com/security/cve/CVE-2024-53899/
SUSE CVE CVE-2024-53899 page

Описание

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.

Затронутые продукты

SUSE Linux Enterprise Module for Development Tools 15 SP6:python3-virtualenv-20.17.1-150600.3.5.1

openSUSE Leap 15.6:python3-virtualenv-20.17.1-150600.3.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-53899.html
CVE-2024-53899
https://bugzilla.suse.com/1233706
SUSE Bug 1233706

SUSE-SU-2024:4143-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Development Tools 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-53899

Описание

Затронутые продукты

Ссылки