RHEL 7 : python-pip (RHSA-2020:0850)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0850 advisory. pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python...

Oracle Linux 7 : python-pip (ELSA-2020-0850)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0850 advisory. 9.0.3-7 - Bump Resolves: rhbz1649153 Resolves: rhbz1700824 Resolves: rhbz1702473 Resolves: rhbz1643829 9.0.3-6 - Add four new patches for CVEs in bundl...

python-pip security update

9.0.3-7 - Bump Resolves: rhbz1649153 Resolves: rhbz1700824 Resolves: rhbz1702473 Resolves: rhbz1643829 9.0.3-6 - Add four new patches for CVEs in bundled urllib3 and requests CVE-2018-20060, CVE-2019-11236, CVE-2019-11324, CVE-2018-18074 Resolves: rhbz1649153 Resolves: rhbz1700824 Resolves:...

Scientific Linux Security Update : python-pip on SL7.x (noarch) (20200317)

Security Fixes : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20060 - python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-11236 - python-urllib3:...

EulerOS 2.0 SP8 : python-pip (EulerOS-SA-2020-1176)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS stor...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2020-1176)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : python-pip (ALAS-2020-1340)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1340 advisory. In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 The urllib3 library before 1.24.2 for Python mishandles...

Amazon Linux 2 : python-pip (ALAS-2020-1389)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1389 advisory. In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 The urllib3 library before 1.24.2 for Python mishandles...

Medium: python-pip

Issue Overview: In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store...

Medium: python-pip

Issue Overview: In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store...

MGASA-2020-0063 Updated python-pip packages fix security vulnerabilities

Updated python-pip packages fix security vulnerabilities: The python-pip package bundles a copy of python-urllib3, which was affected by security issues. The bundled copy was updated to fix these issues CVE-2019-11324, CVE-2019-11236...

Updated python-pip packages fix security vulnerabilities

Updated python-pip packages fix security vulnerabilities: The python-pip package bundles a copy of python-urllib3, which was affected by security issues. The bundled copy was updated to fix these issues CVE-2019-11324, CVE-2019-11236...

Fedora: Security Advisory for python-pip (FEDORA-2020-d0d9ad17d8)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 30 : python-pip (2020-d0d9ad17d8)

Upgrade bundled urllib3 to 1.25.3, requests to 2.22.0. Security fix for CVE-2019-11324, CVE-2019-11236. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as mu...

[SECURITY] Fedora 30 Update: python-pip-19.0.3-6.fc30

pip is a package management system used to install and manage software pack ages written in Python. Many packages can be found in the Python Package Index PyPI. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python"...

Fedora Update for python-pip FEDORA-2020-6148c44137

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 31 : python-pip (2020-6148c44137)

Upgrade bundled urllib3 to 1.25.3, requests to 2.22.0. Security fix for CVE-2019-11324, CVE-2019-11236. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as mu...

CVE-2013-5123

The mirroring support -M, --use-mirrors in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks...

CVE-2013-5123

The mirroring support -M, --use-mirrors in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks...

PYSEC-2019-160

The mirroring support -M, --use-mirrors in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks...