python-setuptools-53.0.0-10.el9.1

エラータID: AXSA:2023-5193:02

Release date: 
Thursday, March 2, 2023 - 05:49
Subject: 
python-setuptools-53.0.0-10.el9.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages.

Security Fix(es):

* pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-40897
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

Solution: 

Update packages.

CVEs: 
CVE-2022-40897
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
Additional Info: 

N/A

Download: 

SRPMS
  1. python-setuptools-53.0.0-10.el9.1.src.rpm
    MD5: a6b7858d4591b190364d3630e0550075
    SHA-256: 67501365ef0bba396cc9e3d02e26e9846ac67b9d40c8567556858ac9eb90fc9f
    Size: 1.98 MB

Asianux Server 9 for x86_64
  1. python3-setuptools-53.0.0-10.el9.1.noarch.rpm
    MD5: 55eea37b98d439876afa13778f893774
    SHA-256: 8c196570ab3cea50afc2a823cd99e396922697b5222e5f2a724242697c7a6e6c
    Size: 838.94 kB
  2. python3-setuptools-wheel-53.0.0-10.el9.1.noarch.rpm
    MD5: 1c7e462da5e3696d73ddcbbd8ed8e40b
    SHA-256: 37e9dbfec19e28ba2f2ad01825e2e3a9c79ab1227bb27c2e331ff4abeb494c9e
    Size: 468.39 kB