Описание
Security update for python-virtualenv
This update for python-virtualenv fixes the following issues:
- CVE-2026-22702: Fixed local attacker can redirect file operations via TOCTOU race condition (bsc#1256458).
Список пакетов
SUSE Linux Enterprise Module for Python 3 15 SP7
python311-virtualenv-20.22.0-150400.9.9.1
openSUSE Leap 15.6
python311-virtualenv-20.22.0-150400.9.9.1
Ссылки
- Link for SUSE-SU-2026:0233-1
- E-Mail link for SUSE-SU-2026:0233-1
- SUSE Security Ratings
- SUSE Bug 1256458
- SUSE CVE CVE-2026-22702 page
Описание
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's app_data and lock file operations to attacker-controlled locations. This issue has been patched in version 20.36.1.
Затронутые продукты
SUSE Linux Enterprise Module for Python 3 15 SP7:python311-virtualenv-20.22.0-150400.9.9.1
openSUSE Leap 15.6:python311-virtualenv-20.22.0-150400.9.9.1
Ссылки
- CVE-2026-22702
- SUSE Bug 1256458