SUSE-SU-2026:0805-1

Опубликовано: 04 мар. 2026

Источник: suse-cvrf

Описание

Security update for python-pip

This update for python-pip fixes the following issues:

CVE-2026-1703: Fixed a potential path traversal in python-pip. (bsc#1257599)

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 15 SP4

python311-pip-22.3.1-150400.17.19.1

SUSE Linux Enterprise Module for Python 3 15 SP7

python311-pip-22.3.1-150400.17.19.1

openSUSE Leap 15.6

python311-pip-22.3.1-150400.17.19.1

Ссылки

https://www.suse.com/support/update/announcement/2026/suse-su-20260805-1/
Link for SUSE-SU-2026:0805-1
https://lists.suse.com/pipermail/sle-security-updates/2026-March/024567.html
E-Mail link for SUSE-SU-2026:0805-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1257599
SUSE Bug 1257599
https://www.suse.com/security/cve/CVE-2026-1703/
SUSE CVE CVE-2026-1703 page

Описание

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.

Затронутые продукты

SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-pip-22.3.1-150400.17.19.1

SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pip-22.3.1-150400.17.19.1

openSUSE Leap 15.6:python311-pip-22.3.1-150400.17.19.1

Ссылки

https://www.suse.com/security/cve/CVE-2026-1703.html
CVE-2026-1703
https://bugzilla.suse.com/1257599
SUSE Bug 1257599

SUSE-SU-2026:0805-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 15 SP4

SUSE Linux Enterprise Module for Python 3 15 SP7

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2026-1703

Описание

Затронутые продукты

Ссылки