python-setuptools-0.9.8-7.0.2.el7.AXS7

エラータID: AXSA:2025-10851:04

Release date: 
Tuesday, September 16, 2025 - 15:01
Subject: 
python-setuptools-0.9.8-7.0.2.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Setuptools is a collection of enhancements to the Python distutils that allow
you to more easily build and distribute Python packages, especially ones that
have dependencies on other packages.

This package contains the runtime components of setuptools, necessary to
execute the software that requires pkg_resources.py.

This package contains the distribute fork of setuptools.

Security Fix(es):

* CVE-2025-47273: fix path traversal vulnerability in PackageIndex

CVE(s):
CVE-2025-47273
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

Solution: 

Update packages.

CVEs: 
CVE-2025-47273
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. python-setuptools-0.9.8-7.0.2.el7.AXS7.noarch.rpm
    MD5: 72ff816847ef4ede43c6a9296b4ed1a5
    SHA-256: e63aa8800adb594bc16806d17988af2abdd4c9d1798d7774e2bbbd64789542bd
    Size: 397.48 kB