python-setuptools-39.2.0-6.el8.1

エラータID: AXSA:2023-5166:01

Release date: 
Monday, February 27, 2023 - 06:50
Subject: 
python-setuptools-39.2.0-6.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages.

Security Fix(es):

* pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-40897
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python-setuptools-39.2.0-6.el8.1.src.rpm
    MD5: 0531f73963cacb898cc85618ceffa888
    SHA-256: 89d2a9a8ca4ba3cfd3421f8babf7d2dbb00fb8c3f92874959ee379b280703d67
    Size: 845.72 kB

Asianux Server 8 for x86_64
  1. platform-python-setuptools-39.2.0-6.el8.1.noarch.rpm
    MD5: 7609fa3b33fd52024b46602d7fd588f4
    SHA-256: 569cfe5b3f75c8c8aaec471a6c903b54469a30eebf125c1305cbf317347a40ec
    Size: 629.88 kB
  2. python3-setuptools-39.2.0-6.el8.1.noarch.rpm
    MD5: 8799c28081f218e48bb29e1b58928445
    SHA-256: f515337fa7fab8e8fb1e4691aebd35c401997a5a041961603d065ff18741664a
    Size: 161.71 kB
  3. python3-setuptools-wheel-39.2.0-6.el8.1.noarch.rpm
    MD5: 8275e841507f718548ada1da0a368c6b
    SHA-256: a5589ed8d86b93c92769b88bf341d6db607ae7784ec0e8a44f5ef26c25f383e4
    Size: 285.72 kB