python-pip-9.0.3-18.el8

Errata ID: AXSA:2020-1044:05

Release date: Wednesday, December 23, 2020 - 06:50
Subject: python-pip-9.0.3-18.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python".

Security Fix(es):

* python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-20916
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python-pip-9.0.3-18.el8.src.rpm
    MD5: e2e8ffa7a8149f681773a67cb5596c49
    SHA-256: 3f13a02507efdb508a7f888f00a1d926b93f76ac6d9a983f5aaf676583e8a635
    Size: 1.31 MB

Asianux Server 8 for x86_64
  1. platform-python-pip-9.0.3-18.el8.noarch.rpm
    MD5: 89e91fd92b52188d247066124271d5d8
    SHA-256: 2b842059f54941b831a9074ea5476e15451a716f91c095c8484e83810693c1c3
    Size: 1.70 MB
  2. python3-pip-9.0.3-18.el8.noarch.rpm
    MD5: 26b36c1f6df0f57f18b287f97eafd2fc
    SHA-256: 8e68ea785149a2a7ff85bde978e94f9933977d2eecd3bbc1332916cd81dfdd10
    Size: 18.69 kB
  3. python3-pip-wheel-9.0.3-18.el8.noarch.rpm
    MD5: b7c6904a9881792ace584c15446408cd
    SHA-256: cecc9ad9a688478fc1f9bab6d5f078fc46e16622bf08d478c105f583869f666d
    Size: 1.04 MB