Updated python3 packages fix security vulnerabilities

Update python3 to 3.8.11 to fix several security issues. Fixes in 3.8.10 are also included. Bundled pip and setuptools were updated in 3.8.11 so python-pip needs to be updated to 21.1.3 and python-setuptools to 56.2.0 at the same time. Also, we fix the following issue: In Python before 3.9.5, the...

MGASA-2021-0371 Updated python-pip packages fix security vulnerabilities

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository CVE-2021-3572. The bundled python-urllib3 was also vulnerable to: The urllib3 library 1.26.x before 1.26.4 for...

SUSE-SU-2021:2441-1 Security update for python-pip

This update for python-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references bsc1186819...

SUSE-SU-2021:2304-1 Security update for python-pip

This update for python-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references bsc1186819...

Medium: python-pip

Issue Overview: A flaw was found in python-urllib3. SSL certificate validation is omitted in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given via proxyconfig doesn't verify the hostname of the certificate. This means certificates...

SUSE: Security Advisory (SUSE-SU-2020:3737-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:3599-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:2698-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for python-pip (FEDORA-2021-1b6848f31c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-3572

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity...

Fedora: Security Advisory for python-pip (FEDORA-2021-3f378dda90)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Medium: python-pip

Issue Overview: The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorizedkeys file. This occurs in downloadhttpurl in...

Amazon Linux 2 : python-pip (ALAS-2021-1639)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1639 advisory. The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting...

Ubuntu: Security Advisory (USN-4961-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4961-1: pip vulnerability

It was discovered that pip incorrectly handled unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository...

Ubuntu 20.04 LTS : pip vulnerability (USN-4961-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4961-1 advisory. It was discovered that pip incorrectly handled unicode separators in git references. A remote attacker could possibly use this issue to install a different revisi...

python-pip bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

SUSE: Security Advisory (SUSE-SU-2020:3565-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:2784-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.9.1 : python-pip (EulerOS-SA-2021-1728)

According to the version of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - DISPUTED An issue was discovered in pip all versions because it installs the version with the highest version number, even if th...