An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for python-pip ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20202-1 Rating: low References: * bsc#1257599 Cross-References: * CVE-2026-1703 CVSS scores: * CVE-2026-1703 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-1703 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for python-pip fixes the following issues: - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives (bsc#1257599). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-256=1 Package List: - openSUSE Leap 16.0: python313-pip-25.0.1-160000.3.1 python313-pip-wheel-25.0.1-160000.3.1 References: * https://www.suse.com/security/cve/CVE-2026-1703.html . Update for openSUSE resolves a bug and a low-severity vulnerability in python-pip related to archive extraction.. python-pip security low severity openSUSE update. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.