SUSE-SU-2023:4988-1

Details

Description of the patch:

This update for python-pip fixes the following issues:

CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter (bsc#1217353).

Affected Packages

python311-pip

SUSE Linux Enterprise Desktop 15 SP4SUSE Linux Enterprise Desktop 15 SP5SUSE Linux Enterprise High Performance Computing 15 SP4SUSE Linux Enterprise High Performance Computing 15 SP5SUSE Linux Enterprise Module for Python 3 15 SP4

Fixed in:

22.3.1-150400.17.12.1

References

ADVISORY

https://bugzilla.suse.com/1217353

ADVISORY

https://lists.suse.com/pipermail/sle-security-updates/2023-December/017567.html

ADVISORY

https://www.suse.com/security/cve/CVE-2023-5752/

WEB

https://www.suse.com/support/security/rating/

ADVISORY

https://www.suse.com/support/update/announcement/2023/suse-su-20234988-1/