Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2022:10183-1

Опубликовано: 31 окт. 2022
Источник: suse-cvrf

Описание

Security update for pyenv

This update for pyenv fixes the following issues:

Update to 2.3.5

  • Add CPython 3.10.7 by @edgarrmondragon in #2454
  • Docs: update Fish PATH update by @gregorias in #2449
  • Add CPython 3.7.14, 3.8.14 and 3.9.14 by @edgarrmondragon in #2456
  • Update miniconda3-3.9-4.12.0 by @Tsuki in #2460
  • Add CPython 3.11.0rc2 by @ViktorHaag in #2459
  • Add patches for 3.7.14 to support Apple Silicon by @samdoran in #2463
  • Add ability to easily skip all use of Homebrew by @samdoran in #2464
  • Drop Travis integration by @sobolevn in #2468
  • Build CPython 3.12+ with --with-dsymutil in MacOS by @native-api in #2471
  • Add Pyston 2.3.5 by @scop in #2476 Full Changelog: https://github.com/pyenv/pyenv/compare/v2.3.4...v2.3.5

Update to 2.3.4

  • Add CPython 3.11.0rc1 by @edgarrmondragon in #2434
  • Add support for multiple versions in pyenv uninstall by @hardikpnsp in #2432
  • Add micropython 1.18 and 1.19.1 by @dmitriy-serdyuk in #2443
  • CI: support Micropython, deleted scripts; build with -v by @native-api in #2447
  • Re-allow paths in .python-version while still preventing CVE-2022-35861 by @comrumino in #2442
  • CI: Bump OS versions by @native-api in #2448
  • Add Cinder 3.8 by @filips123 in #2433
  • Add support for multiple versions in pyenv uninstall in #2432
  • Add micropython 1.18 and 1.19.1 in #2443
  • Add Cinder 3.8 in #2433

Update to 2.3.3

  • Use version sort in pyenv versions by @fofoni in #2405
  • Add CPython 3.11.0b4 by @majorgreys in #2411
  • Python-build: Replace deprecated git protocol use with https in docs by @ssbarnea in #2413
  • Fix relative path traversal due to using version string in path by @comrumino in #2412
  • Allow pypy2 and pypy3 patching by @brogon in #2421, #2419
  • Add CPython 3.11.0b5 by @edgarrmondragon in #2420
  • Add GraalPython 22.2.0 by @msimacek in #2425
  • Add CPython 3.10.6 by @edgarrmondragon in #2428
  • Add CPython 3.11.0b4 by @majorgreys in #2411
  • Replace deprecated git protocol use with https by @ssbarnea in docs #2413
  • Fix relative path traversal due to using version string in path by @comrumino in #2412
  • Fix patterns for pypy2./pypy3. versions by @brogon in #2419

Update to 2.3.2

  • Add CPython 3.11.0b2 by @saaketp in #2380
  • Honor CFLAGS_EXTRA for MicroPython #2006 by @yggdr in #2007
  • Add post-install checks for curses, ctypes, lzma, and tkinter by @aphedges in #2353
  • Add CPython 3.11.0b3 by @edgarrmondragon in #2382
  • Add flags for Homebrew into python-config --ldflags by @native-api in #2384
  • Add CPython 3.10.5 by @illia-v in #2386
  • Add Anaconda 2019.10, 2021.04, 2022.05; support Anaconda in add_miniconda.py by @native-api in #2385
  • Add Pyston-2.3.4 by @dand-oss in #2390
  • Update Anaconda3-2022.05 MacOSX arm64 md5 by @bkbncn in #2391
  • Fix boo#1201582 to fix CVE-2022-35861 (from commit 22fa683, file pyenv-CVE-2022-35861.patch)

Update to 2.3.0

  • Bump openssl 1.1 to 1.1.1n for CPython 3.7 3.8 3.9 by @tuzi3040 in #2276
  • Doc Fix: Escape a hash character causing unwanted GitHub Issue linking by @edrogers in #2282
  • Add CPython 3.9.12 by @saaketp in #2296
  • Add CPython 3.10.4 by @saaketp in #2295
  • Add patch for 3.6.15 to support Xcode 13.3 by @nshine in #2288
  • Add patch for 3.7.12 to support Xcode 13.3 by @samdoran in #2292
  • Add CONTRIBUTING.md by @native-api in #2287
  • Add PyPy 7.3.9 release 2022-03-30 by @dand-oss in #2308
  • Add Pyston 2.3.3 by @scop in #2316
  • Add CPython 3.11.0a7 by @illia-v in #2315
  • Add 'nogil' Python v3.9.10 by @colesbury in #2342
  • Support XCode 13.3 in all releases that officially support MacOS 11 by @native-api in #2344
  • Add GraalPython 22.1.0 by @msimacek in #2346
  • Make PYENV_DEBUG imply -v for pyenv install by @native-api in #2347
  • Simplify init scheme by @native-api in #2310
  • Don't use Homebrew outside of MacOS by @native-api in #2349
  • Add :latest syntax to documentation for the install command by @hay in #2351

Update to 2.2.5

  • fix issue 2236 for CPython 3.6.15 and 3.7.12 by @fofoni in #2237
  • python-build: add URL for get-pip for Python 3.6 by @fofoni in #2238
  • Add pyston-2.3.2 by @dmrlawson in #2240
  • CPython 3.11.0a5 by @saaketp in #2241
  • CPython 3.11.0a6 by @saaketp in #2266
  • Add miniconda 4.11.0 by @aphedges in #2268
  • docs(pyenv-prefix): note support for multiple versions by @scop in #2270
  • pypy 7.3.8 02/20/2022 release by @dand-oss in #2253

Список пакетов

SUSE Package Hub 15 SP4
pyenv-2.3.5-bp154.2.3.1
pyenv-bash-completion-2.3.5-bp154.2.3.1
pyenv-fish-completion-2.3.5-bp154.2.3.1
pyenv-zsh-completion-2.3.5-bp154.2.3.1
openSUSE Leap 15.4
pyenv-2.3.5-bp154.2.3.1
pyenv-bash-completion-2.3.5-bp154.2.3.1
pyenv-fish-completion-2.3.5-bp154.2.3.1
pyenv-zsh-completion-2.3.5-bp154.2.3.1

Ссылки

Описание

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. (Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version. Thus, relative path traversal can occur.)

Затронутые продукты
SUSE Package Hub 15 SP4:pyenv-2.3.5-bp154.2.3.1
SUSE Package Hub 15 SP4:pyenv-bash-completion-2.3.5-bp154.2.3.1
SUSE Package Hub 15 SP4:pyenv-fish-completion-2.3.5-bp154.2.3.1
SUSE Package Hub 15 SP4:pyenv-zsh-completion-2.3.5-bp154.2.3.1
Ссылки
Уязвимость openSUSE-SU-2022:10183-1