OESA-2026-2629

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2629
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2629.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2629
Upstream
  • CVE-2026-8643
Published
2026-06-12T12:25:25Z
Modified
2026-06-12T12:45:08.550089931Z
Summary
python-pip security update
Details

%changelog
* Sat Jul 13 2024 yangyuan <yangyuan32@huawei.com> - 23.3.1-2
- Fix CVE-2023-45803 and CVE-2024-37891

Security Fix(es):

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to write generated script wrappers outside the intended installation directory, leading to arbitrary file overwrite. This can severely impact system integrity and availability, and in certain scenarios, may lead to arbitrary code execution. (CVE-2026-8643)
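
A pre-install audit for the condition described above, as an added example (not code from pip, openEuler or this advisory): it reads `entry_points.txt` from a wheel's `.dist-info` directory and flags script names that are absolute paths or contain traversal components or path separators. The function names and the in-memory sample wheel are constructed for illustration, and the check is an assumption about what a safe name looks like, not the logic of the fixed package.

```python
import configparser
import io
import ntpath
import posixpath
import re
import zipfile

SCRIPT_GROUPS = ("console_scripts", "gui_scripts")  # groups that become script wrappers

def classify(name):
    """Return why a script name is not a plain file name, or None if it is."""
    if posixpath.isabs(name) or ntpath.isabs(name) or ntpath.splitdrive(name)[0]:
        return "absolute path"
    if ".." in re.split(r"[\\/]", name):
        return "directory traversal"
    if "/" in name or "\\" in name:
        return "path separator"
    return None

def unsafe_entry_point_names(wheel):
    """List (group, name, reason) for suspicious script names in a wheel file."""
    findings = []
    with zipfile.ZipFile(wheel) as zf:
        for member in zf.namelist():
            if not re.fullmatch(r"[^/]+\.dist-info/entry_points\.txt", member):
                continue
            # "=" is the only delimiter so a drive letter colon stays in the name.
            parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
            parser.optionxform = str  # keep names exactly as written
            parser.read_string(zf.read(member).decode("utf-8"))
            for group in SCRIPT_GROUPS:
                if parser.has_section(group):
                    findings += [(group, n, classify(n))
                                 for n in parser.options(group) if classify(n)]
    return findings

def build_sample_wheel():
    """Constructed in-memory wheel holding only an entry_points.txt (sample data)."""
    text = ("[console_scripts]\n"
            "good-tool = demo.cli:main\n"
            "../../outside/tool = demo.cli:main\n"
            "/tmp/abs-tool = demo.cli:main\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo-1.0.dist-info/entry_points.txt", text)
    return buf

if __name__ == "__main__":
    print(unsafe_entry_point_names(build_sample_wheel()))
```

`unsafe_entry_point_names` also accepts a path to a `.whl` file on disk, so it can run over a download directory before anything is installed.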

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:24.03-LTS-SP1 / python-pip

Package

Name
python-pip
Purl
pkg:rpm/openEuler/python-pip&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
23.3.1-13.oe2403sp1

Ecosystem specific

{
    "src": [
        "python-pip-23.3.1-13.oe2403sp1.src.rpm"
    ],
    "noarch": [
        "python-pip-help-23.3.1-13.oe2403sp1.noarch.rpm",
        "python-pip-wheel-23.3.1-13.oe2403sp1.noarch.rpm",
        "python3-pip-23.3.1-13.oe2403sp1.noarch.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2629.json"