Paul Moore

**Name of the Vulnerable Software and Affected Versions** pip (affected versions not specified) **Description** pip fails to sanitize the resolved absolute path to the installation directory when treating `console scripts` and `gui scripts` as paths rather than file names. This allows entry points to be installed outside the intended installation directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.11.7 EosKernel-3.4 **Description** The issue allows attackers to cause a denial of service, resulting in an infinite loop and crash. This can be triggered remotely through the network by sending certain malformed packets, specifically IP packets with rarely used packet options. The exposure is specific to certain EOS releases that use the affected EosKernel-3.4. **Recommendations** For Linux kernel versions prior to 3.11.7, update to version 3.11.7 or later to resolve the issue. For EosKernel-3.4, follow the resolution steps documented in the relevant sections for the affected Arista EOS versions. As a temporary workaround, consider restricting network access to minimize the risk of exploitation.