python3.11-pip-22.3.1-4.el8

Errata ID: AXSA:2023-7138:02

Release date: Friday, December 22, 2023 - 13:16
Subject: python3.11-pip-22.3.1-4.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python".

Security Fix(es):

* python: tarfile module directory traversal (CVE-2007-4559)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.9 Release Notes linked from the References section.

CVE-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python3.11-pip-22.3.1-4.el8.src.rpm
    MD5: db401aa1495107e36f742e4dbb0ab36f
    SHA-256: ce61dfefc7f2c892b0499e0d33182c742b4e401dc0057b015234b6489d11c973
    Size: 8.92 MB

Asianux Server 8 for x86_64
  1. python3.11-pip-22.3.1-4.el8.noarch.rpm
    MD5: 5c6e23a3f099122c0b71c06dddc0c563
    SHA-256: 71b90df36b0ba359d4bc62ebfb6f3a3567b84310847c1be74ba7ff74e1ba85ef
    Size: 2.92 MB
  2. python3.11-pip-wheel-22.3.1-4.el8.noarch.rpm
    MD5: a35b17c690ee9d8c07cec65219a7654e
    SHA-256: 67aa8749b6632b8db7f7c9c1d04c5425f88a643cacbfe91770d605a073d07084
    Size: 1.43 MB