python-pip-9.0.3-20.el8
エラータID: AXSA:2021-2732:02
リリース日:
2021/12/14 Tuesday - 00:59
題名:
python-pip-9.0.3-20.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Low
Description:
以下項目について対処しました。
[Security Fix]
- python-pip には git リファレンスでの Unicode セパレーターの取り扱い方法に
問題があり、リモートの攻撃者はリポジトリに異なるリビジョンをインストール
できる脆弱性があります。(CVE-2021-3572)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2021-3572
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
追加情報:
N/A
ダウンロード:
SRPMS
- python-pip-9.0.3-20.el8.src.rpm
MD5: 893d11db5e8bb2d1551513ef88afbb5c
SHA-256: 5470bee1a36ba9e3cf6bca20f51bb8cd6b7d3d7bba3f1971284202752124f119
Size: 1.31 MB
Asianux Server 8 for x86_64
- platform-python-pip-9.0.3-20.el8.noarch.rpm
MD5: 65e076c5042edea819e3a21491e699f2
SHA-256: 128e9f6a89db06de39726517f9ca7c2c9d18f52002b186fadfff1b00d93510d9
Size: 1.70 MB - python3-pip-9.0.3-20.el8.noarch.rpm
MD5: 8c044497feca692e2073921f6297b269
SHA-256: 9db544214ac001fcf96d92f9e133854f3df5b8bdea930d359aaea147cd5537e3
Size: 18.82 kB - python3-pip-wheel-9.0.3-20.el8.noarch.rpm
MD5: 96beef6062d1b3f438fa82776b5d13ec
SHA-256: a46ba4b532eaea9366217ebf53d6656c1e181a78b7dd60c70960ff1b3569d685
Size: 1.04 MB