python-setuptools-0.9.8-7.0.1.el7.AXS7

エラータID: AXSA:2024-9025:03

Release date: 
Tuesday, November 19, 2024 - 09:22
Subject: 
python-setuptools-0.9.8-7.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Setuptools is a collection of enhancements to the Python distutils that allow
you to more easily build and distribute Python packages, especially ones that
have dependencies on other packages.

This package contains the runtime components of setuptools, necessary to execute
the software that requires pkg_resources.py.

This package contains the distribute fork of setuptools.

Security Fix(es):

* CVE-2024-6345: modernize package_index VCS handling

CVE(s):
CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

Solution: 

Update packages.

CVEs: 
CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. python-setuptools-0.9.8-7.0.1.el7.AXS7.noarch.rpm
    MD5: def0a704b99059bb14e185b48916eee6
    SHA-256: 8d24320247210f93a82d5101e7ce0d1ab784c14b00d86342adb0c7101d661205
    Size: 396.96 kB