python-pip-9.0.3-23.el8

エラータID: AXSA:2023-7234:02

Release date: 
Monday, December 25, 2023 - 09:24
Subject: 
python-pip-9.0.3-23.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python".

Security Fix(es):

* python: tarfile module directory traversal (CVE-2007-4559)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python-pip-9.0.3-23.el8.src.rpm
    MD5: 7937927c48a92987319fb4de5ff33425
    SHA-256: f5259d5bf4df4371b0a6d53890f742666a47e11912b5cf0c6276326a97280acb
    Size: 1.32 MB

Asianux Server 8 for x86_64
  1. platform-python-pip-9.0.3-23.el8.noarch.rpm
    MD5: 0d15af2a6ca2d678a9a51f95473395ff
    SHA-256: 57d2f1a70fab74f4a7aef7970c0325d0f37811142c5b1789408d1ec66e4acdb0
    Size: 1.56 MB
  2. python3-pip-9.0.3-23.el8.noarch.rpm
    MD5: c5557ceec0b694bfc45709aaf5b365f9
    SHA-256: e190a9a0825b1ee5d658512388715eb257528fd6fb8c3588ba6850f631968e32
    Size: 19.06 kB
  3. python3-pip-wheel-9.0.3-23.el8.noarch.rpm
    MD5: 3e59d9d2069f23a77e93eec78cb484e8
    SHA-256: bea2e7a7cb34e86835f33b1e6e873f0f9e66b842967e6869c9fe4bac0e54a2de
    Size: 863.40 kB