Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2020.3737.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2020:3737-1)
Summary:The remote host is missing an update for the 'python-pip, python-scripttest' package(s) announced via the SUSE-SU-2020:3737-1 advisory.
Description:Summary:
The remote host is missing an update for the 'python-pip, python-scripttest' package(s) announced via the SUSE-SU-2020:3737-1 advisory.

Vulnerability Insight:
This update for python-pip, python-scripttest fixes the following issues:

Update in SLE-15 (bsc#1175297, jsc#ECO-3035, jsc#PM-2318)

python-pip was updated to 20.0.2:

Fix a regression in generation of compatibility tags

Rename an internal module, to avoid ImportErrors due to improper
uninstallation

Switch to a dedicated CLI tool for vendoring dependencies.

Remove wheel tag calculation from pip and use packaging.tags. This
should provide more tags ordered better than in prior releases.

Deprecate setup.py-based builds that do not generate an .egg-info
directory.

The pip>=20 wheel cache is not retro-compatible with previous versions.
Until pip 21.0, pip will continue to take advantage of existing legacy
cache entries.

Deprecate undocumented --skip-requirements-regex option.

Deprecate passing install-location-related options via --install-option.

Use literal 'abi3' for wheel tag on CPython 3.x, to align with PEP 384
which only defines it for this platform.

Remove interpreter-specific major version tag e.g. cp3-none-any from
consideration. This behavior was not documented strictly, and this tag
in particular is not useful. Anyone with a use case can create an issue
with pypa/packaging.

Wheel processing no longer permits wheels containing more than one
top-level .dist-info directory.

Support for the git+git@ form of VCS requirement is being deprecated
and will be removed in pip 21.0. Switch to git+https:// or git+ssh://.
git+git:// also works but its use is discouraged as it is insecure.

Default to doing a user install (as if --user was passed) when the main
site-packages directory is not writeable and user site-packages are
enabled.

Warn if a path in PATH starts with tilde during pip install.

Cache wheels built from Git requirements that are considered immutable,
because they point to a commit hash.

Add option --no-python-version-warning to silence warnings related to
deprecation of Python versions.

Cache wheels that pip wheel built locally, matching what pip install
does. This particularly helps performance in workflows where pip wheel
is used for building before installing. Users desiring the original
behavior can use pip wheel --no-cache-dir

Display CA information in pip debug.

Show only the filename (instead of full URL), when downloading from
PyPI.

Suggest a more robust command to upgrade pip itself to avoid confusion
when the current pip command is not available as pip.

Define all old pip console script entrypoints to prevent import issues
in stale wrapper scripts.

The build step of pip wheel now builds all wheels to a cache first,
then copies them to the wheel directory all at once. Before, it built
them to a temporary directory and moved them to the wheel directory one
by one.

Expand ~
prefix to user directory in path options, configs, and
environment variables. Values that may be either URL or path ar... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'python-pip, python-scripttest' package(s) on SUSE Linux Enterprise Module for Python2 15-SP2, SUSE Linux Enterprise Module for Python2 15-SP1, SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise Module for Basesystem 15-SP1

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-20916
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.