Alibaba Cloud Linux 2.1903 Security Advisory: ALINUX2-SA-2025:0003

Issued: 2025-01-10
Updated: 2025-01-10

Summary

python-virtualenv security update

Severity

Important

Description

Package updates are available for Alibaba Cloud Linux 2.1903 that fix the following vulnerabilities:

CVE-2024-53899:
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.

References

CVE-2024-53899SCORE:7.8/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Updated Packages

noarch
- python-virtualenv-15.1.0-7.1.al7.1.noarch.rpm → (download)
src
- python-virtualenv-15.1.0-7.1.al7.1.src.rpm → (download)