python-pip-9.0.3-23.el8
エラータID: AXSA:2023-7234:02
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python".
Security Fix(es):
* python: tarfile module directory traversal (CVE-2007-4559)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Update packages.
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
N/A
SRPMS
- python-pip-9.0.3-23.el8.src.rpm
MD5: 7937927c48a92987319fb4de5ff33425
SHA-256: f5259d5bf4df4371b0a6d53890f742666a47e11912b5cf0c6276326a97280acb
Size: 1.32 MB
Asianux Server 8 for x86_64
- platform-python-pip-9.0.3-23.el8.noarch.rpm
MD5: 0d15af2a6ca2d678a9a51f95473395ff
SHA-256: 57d2f1a70fab74f4a7aef7970c0325d0f37811142c5b1789408d1ec66e4acdb0
Size: 1.56 MB - python3-pip-9.0.3-23.el8.noarch.rpm
MD5: c5557ceec0b694bfc45709aaf5b365f9
SHA-256: e190a9a0825b1ee5d658512388715eb257528fd6fb8c3588ba6850f631968e32
Size: 19.06 kB - python3-pip-wheel-9.0.3-23.el8.noarch.rpm
MD5: 3e59d9d2069f23a77e93eec78cb484e8
SHA-256: bea2e7a7cb34e86835f33b1e6e873f0f9e66b842967e6869c9fe4bac0e54a2de
Size: 863.40 kB