python-setuptools-53.0.0-12.el9_4.1

Errata ID: AXSA:2024-8685:02

Release date: Tuesday, August 20, 2024 - 15:11
Subject: python-setuptools-53.0.0-12.el9_4.1
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: High
Description: 

The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages.

Security Fix(es):

* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python-setuptools-53.0.0-12.el9_4.1.src.rpm
    MD5: 9b5545551ba144e9e203dc0c6bb5d623
    SHA-256: 680076df934d400b0c5d05facf62bea28d9205ee88b935ad5d3ff7952f24bc4a
    Size: 1.98 MB

Asianux Server 9 for x86_64
  1. python3-setuptools-53.0.0-12.el9_4.1.noarch.rpm
    MD5: 6f7cfaa6def1fdf1b326e3271bc58352
    SHA-256: 42fd0284ea4ca4c3c59f989dfd2ba36e0d171a0ff308cd008878b720f785074b
    Size: 940.44 kB
  2. python3-setuptools-wheel-53.0.0-12.el9_4.1.noarch.rpm
    MD5: 1e1580ce783e15a5df7c10dce0cb0e08
    SHA-256: 6334ce9eb7979c21a26fb36606c50b46888989d72fa37e4740fd8a5b533e23c0
    Size: 466.94 kB