615 matches found
Moderate: Red Hat Security Advisory: python27 security, bug fix, and enhancement update
An update for python27-python, python27-python-pip, and python27-python-virtualenv is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...
openSUSE Security Update : python-pip (openSUSE-2020-1613)
This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url() (bsc#1176262) This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
openSUSE: Security Advisory for python-pip (openSUSE-SU-2020:1613-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for python-pip (openSUSE-SU-2020:1598-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : python-pip (openSUSE-2020-1598)
This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url() (bsc#1176262) This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
OPENSUSE-SU-2020:1613-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url() (bsc#1176262) This update was imported from the SUSE:SLE-15:Update update project...
Security update for python-pip (moderate)
openSUSE Security Update: Security update for python-pip Announcement ID: openSUSE-SU-2020:1598-1 Rating: moderate References: 1176262 Cross-References: CVE-2019-20916 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for...
Security update for python-pip (moderate)
openSUSE Security Update: Security update for python-pip Announcement ID: openSUSE-SU-2020:1613-1 Rating: moderate References: 1176262 Cross-References: CVE-2019-20916 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...
OPENSUSE-SU-2020:1598-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url() (bsc#1176262) This update was imported from the SUSE:SLE-15:Update update project...
CVE-2020-26137
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...
SUSE-SU-2020:2784-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url() (bsc#1176262)...
SUSE-SU-2020:2726-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url() (bsc#1176262)...
SUSE-SU-2020:2698-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url() (bsc#1176262)...
Debian DLA-2370-1 : python-pip security update
It was discovered that there was a directory traversal attack in pip, the Python package installer. When an URL was given in an install command, as a Content-Disposition header was permitted to have '../' components in their filename, arbitrary local files (eg. /root/.ssh/authorized_keys) could be...
[SECURITY] [DLA 2370-1] python-pip security update
Debian LTS Advisory DLA-2370-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb September 11, 2020 https://wiki.debian.org/LTS -...
DLA-2370-1 python-pip - security update
Bulletin has no description...
Python pip directory traversal vulnerability
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A directory traversal vulnerability exists in Python pip versions prior to 19.2. The vulnerability stems...
PYSEC-2020-173
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py...
PYSEC-2020-192
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py...
NewStart CGSL MAIN 6.01 : python-pip Multiple Vulnerabilities (NS-SA-2020-0035)
The remote NewStart CGSL host, running version MAIN 6.01, has python-pip packages installed that are affected by multiple vulnerabilities: - The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA...