Posted: Thu Sep 12, 2013 9:26 pm Post subject: [ GLSA 201309-05 ] pip: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: pip: Multiple vulnerabilities (GLSA 201309-05)
Exploitable: local, remote
Date: September 12, 2013
Bug(s): #462616, #480202
Multiple vulnerabilities have been found in pip, which may allow
remote attackers to execute arbitrary code or local attackers to conduct
pip is a tool for installing and managing Python packages.
Vulnerable: < 1.3.1
Unaffected: >= 1.3.1
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in pip. Please review the
CVE identifiers referenced below for details.
A remote attacker could conduct a Man-in-the-Middle attack to cause pip
to execute arbitrary code. A local attacker could perform symlink attacks
to overwrite arbitrary files with the privileges of the user running the
There is no known workaround at this time.
All pip users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/pip-1.3.1"
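
Added example, not part of the advisory: a shell check that classifies installed dev-python/pip versions against the fixed release 1.3.1 given above. The function names, host names and package list are constructed for illustration; versions with non-numeric suffixes are reported as "unknown" for manual review instead of being guessed.

```shell
#!/bin/sh
# Added example (not from the GLSA): flag pip versions below the fixed release.
FIXED="1.3.1"   # from the advisory: "Unaffected: >= 1.3.1"

# version_lt A B -> exit 0 when dotted numeric version A is lower than B.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}          # missing components count as 0 (1.3 == 1.3.0)
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1                          # equal versions are not "lower"
}

# atom_version ATOM -> prints the version part of a dev-python/pip-<version> atom.
atom_version() {
    echo "${1##*/pip-}"
}

# pip_status VERSION -> prints "vulnerable", "unaffected" or "unknown".
pip_status() {
    v=${1%-r[0-9]*}                   # drop a Gentoo revision suffix such as -r1
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if version_lt "$v" "$FIXED"; then echo vulnerable; else echo unaffected; fi
}

# Constructed inventory: "<host> <installed atom>", one entry per line.
while read -r host atom; do
    ver=$(atom_version "$atom")
    printf '%-8s %-10s %s\n' "$host" "$ver" "$(pip_status "$ver")"
done <<'EOF'
build01 dev-python/pip-1.2.1-r1
web02 dev-python/pip-1.3.1
ci03 dev-python/pip-1.3
dev04 dev-python/pip-1.10
lab05 dev-python/pip-1.4_rc1
EOF
```

Components are compared numerically, so 1.10 is treated as newer than 1.3.1, which a plain string comparison would get wrong.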