- Bug
- Resolution: Done-Errata
- Undefined
- rhel-8.6.0.z, rhel-8.8.0.z, rhel-8.9.0.z, rhel-8.10, rhel-9.3.0.z, rhel-9.4
- None
- python3.11-pip-22.3.1-5.el8
- None
- None
- rhel-sst-pt-python-ruby-nodejs
- ssg_core_services
- 25
- 26
- None
- False
- None
- None
- None

The fix for CVE-2007-4559 has been implemented in pip and Python so that pip requires Python to provide tarfile filters. Unfortunately, this requirement is not present at the RPM level; therefore, it is possible to install the fixed version of pip alongside a vulnerable version of Python.
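
Because the package metadata does not enforce the pairing, the interpreter itself has to be checked. The following is an added example, not code from this issue, pip or Red Hat: it reports whether the running Python provides tarfile extraction filters and, if so, confirms that the `data` filter refuses a constructed path-traversal member. The function names and the sample archive are assumptions made for illustration.

```python
import io
import os
import tarfile
import tempfile


def build_traversal_archive() -> bytes:
    """Constructed sample: a tar whose only member points outside the target dir."""
    payload = b"constructed sample\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo(name="../escape.txt")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def has_tarfile_filters() -> bool:
    """True when this interpreter ships the extraction filters (PEP 706)."""
    return hasattr(tarfile, "data_filter")


def check_interpreter() -> str:
    """Return 'missing-filters', 'blocked' or 'not-blocked' for this Python."""
    if not has_tarfile_filters():
        return "missing-filters"
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "dest")
        os.mkdir(dest)
        archive = io.BytesIO(build_traversal_archive())
        with tarfile.open(fileobj=archive) as tar:
            try:
                # The 'data' filter rejects members that resolve outside dest.
                tar.extractall(dest, filter="data")
            except tarfile.FilterError:
                return "blocked"
        escaped = os.path.exists(os.path.join(root, "escape.txt"))
        return "not-blocked" if escaped else "blocked"


if __name__ == "__main__":
    print(check_interpreter())
```

Run it with the same interpreter that pip uses (for example the `python3.11` binary); `missing-filters` means that Python predates the tarfile filter backport.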

- clones
  - RHEL-25446 python-pip - require Python with tarfile filters [rhel-8] (Closed)
- is cloned by
  - RHEL-25454 python3.11-pip - require Python with tarfile filters [rhel-8.9.0.z] (Closed)
  - RHEL-25455 python3.11-pip - require Python with tarfile filters [rhel-9] (Closed)
- links to
  - RHBA-2024:127872 python3.11-pip update