====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python-virtualenv security update
Advisory ID:       RHSA-2022:5234-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5234
Issue date:        2022-06-28
CVE Names:         CVE-2019-20916
====================================================================

1. Summary:

An update for python-virtualenv is now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The virtualenv tool creates isolated Python environments. The virtualenv
tool is a successor to workingenv, and an extension of virtual-python.

Security Fix(es):

* python-pip: directory traversal in _download_http_url() function in
src/pip/_internal/download.py (CVE-2019-20916)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1868135 - CVE-2019-20916 python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
python-virtualenv-15.1.0-7.el7_9.src.rpm

noarch:
python-virtualenv-15.1.0-7.el7_9.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
python-virtualenv-15.1.0-7.el7_9.src.rpm

noarch:
python-virtualenv-15.1.0-7.el7_9.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
python-virtualenv-15.1.0-7.el7_9.src.rpm

noarch:
python-virtualenv-15.1.0-7.el7_9.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
python-virtualenv-15.1.0-7.el7_9.src.rpm

noarch:
python-virtualenv-15.1.0-7.el7_9.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-20916
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
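
A check against the package list above, as an added example that is not part of the Red Hat advisory: it decides whether an installed python-virtualenv build is at or above 15.1.0-7.el7_9. The function names and the sample inventory are assumptions made for illustration, the comparison is a simplified form of rpm's version ordering (no caret handling), and the input is assumed to be the string printed by rpm -q --qf '%{EVR}\n' python-virtualenv.

```python
import re

# Fixed build for RHEL 7, from the advisory's package list.
FIXED_EVR = "15.1.0-7.el7_9"

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators only split.
    return re.findall(r"\d+|[A-Za-z]+|~", s)

def rpmvercmp(a, b):
    """Simplified rpm ordering of two version/release strings: -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x == y:
                continue
            return -1 if x == "~" else 1      # tilde sorts before anything
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 10 > 7, not string order
        if x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    longer, sign = (sa, 1) if len(sa) > len(sb) else (sb, -1)
    tail = longer[min(len(sa), len(sb))]
    return -sign if tail == "~" else sign     # extra segments mean newer

def parse_evr(evr):
    # "epoch:version-release"; a missing epoch counts as 0.
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def evr_cmp(a, b):
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_fixed(installed_evr):
    """True when the installed build is at or above the advisory's build."""
    return evr_cmp(installed_evr, FIXED_EVR) >= 0

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and builds).
    for host, evr in {"web01": "15.1.0-2.el7", "ci02": "15.1.0-7.el7_9"}.items():
        print(host, evr, "fixed" if is_fixed(evr) else "needs RHSA-2022:5234")
```
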