pip: Multiple vulnerabilities
Gentoo Linux Security Advisory
GLSA 201309-05 / pip
September 12, 2013
September 12, 2013: 1
All supported architectures

Multiple vulnerabilities have been found in pip, which may allow
remote attackers to execute arbitrary code or local attackers to conduct

pip is a tool for installing and managing Python packages.

Multiple vulnerabilities have been discovered in pip. Please review the
CVE identifiers referenced below for details.

A remote attacker could conduct a Man-in-the-Middle attack to cause pip
to execute arbitrary code. A local attacker could perform symlink attacks
to overwrite arbitrary files with the privileges of the user running the

There is no known workaround at this time.

All pip users should upgrade to the latest version:

Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/pip-1.3.1"