openSUSE-SU-2026:20086-1

Опубликовано: 22 янв. 2026

Источник: suse-cvrf

Описание

Security update for python-virtualenv

This update for python-virtualenv fixes the following issues:

CVE-2026-22702: Fixed local attacker can redirect file operations via TOCTOU race condition (bsc#1256458).

Список пакетов

openSUSE Leap 16.0

python313-virtualenv-20.29.3-160000.3.1

Ссылки

https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1256458
SUSE Bug 1256458
https://www.suse.com/security/cve/CVE-2026-22702/
SUSE CVE CVE-2026-22702 page

Описание

virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's app_data and lock file operations to attacker-controlled locations. This issue has been patched in version 20.36.1.

Затронутые продукты

openSUSE Leap 16.0:python313-virtualenv-20.29.3-160000.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2026-22702.html
CVE-2026-22702
https://bugzilla.suse.com/1256458
SUSE Bug 1256458

openSUSE-SU-2026:20086-1

Описание

Список пакетов

openSUSE Leap 16.0

Ссылки

Уязвимость: CVE-2026-22702

Описание

Затронутые продукты

Ссылки