python-pip-21.2.3-7.el9

Errata ID: AXSA:2023-6874:01

Release date: Tuesday, December 12, 2023 - 03:01
Subject: python-pip-21.2.3-7.el9
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: Moderate
Description: 

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python".

Security Fix(es):

* python: tarfile module directory traversal (CVE-2007-4559)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python-pip-21.2.3-7.el9.src.rpm
    MD5: c1cd8832ffd195eb394952b6c3f26f6f
    SHA-256: 56a78e5c8daf3c28dfdcfcd46b1c45a19b3c9aeb63955b7c72add98a54f79aba
    Size: 8.40 MB

Asianux Server 9 for x86_64
  1. python3-pip-21.2.3-7.el9.noarch.rpm
    MD5: 3e7f8d131a82753dbf157388c68a8f99
    SHA-256: 7b423ce2ffd50778e43bb7f2d03abd0308f78dfc58b5c666632cd1ef42383eee
    Size: 1.73 MB
  2. python3-pip-wheel-21.2.3-7.el9.noarch.rpm
    MD5: a9df9d873941ac0caab5384e9d865836
    SHA-256: 40ad1a50583d5f45d86acb89c5adad947558761a2caa222773682a3b54277998
    Size: 1.13 MB