python-setuptools-39.2.0-8.el8_10

エラータID: AXSA:2024-8683:01

Release date: 
Tuesday, August 20, 2024 - 14:58
Subject: 
python-setuptools-39.2.0-8.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages.

Security Fix(es):

* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

Solution: 

Update packages.

CVEs: 
CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
Additional Info: 

N/A

Download: 

SRPMS
  1. python-setuptools-39.2.0-8.el8_10.src.rpm
    MD5: 89810821b3e8620d39f56a491e4f413b
    SHA-256: f962a7bff878725fc68cd4db07ee4f825e5b9334bd9d961fc86cc7a55b8df5c9
    Size: 847.06 kB

Asianux Server 8 for x86_64
  1. platform-python-setuptools-39.2.0-8.el8_10.noarch.rpm
    MD5: d13ba41886e4cad1c579df378f2df21f
    SHA-256: b0fc3d8e11afa3714eeaf164cdb7597dbe75c2ac7c544915c665ada8ab7c7097
    Size: 630.03 kB
  2. python3-setuptools-39.2.0-8.el8_10.noarch.rpm
    MD5: 99426aa8411d46c0b2563c3d51683f0e
    SHA-256: 423a8f60d3b3a59a5a0c254a32d2b7451ee4a1a0a3e3c9729a126cb289d641d2
    Size: 161.81 kB
  3. python3-setuptools-wheel-39.2.0-8.el8_10.noarch.rpm
    MD5: a6a702568c527bf858c94af7fbaa9054
    SHA-256: ff06f86beb39ddd4e9812e0f653706a6798219aee69801357c1b6aa7627e4edd
    Size: 285.82 kB