Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu 20.04 LTS: USN-4961-1 Moderate: Python-pip Installation Risk

ubuntu
Calendar Grey May 19, 2021
Dist Ubuntu Esm H88
The Ubuntu Security Advisory USN-4961-1 pertains to a security flaw in python-pip, which could lead to possible execution of malicious code through git revision access.
pip could be made to install different git revisions.

Summary

pip could be made to install different git revisions.

Software Description:

- python-pip: Python package installer

Details:

It was discovered that pip incorrectly handled unicode separators in git

references. A remote attacker could possibly use this issue to install a

different revision on a repository.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  python3-pip                     20.0.2-5ubuntu1.5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4961-1

https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1926957

May 19, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here