python3.11-setuptools-65.5.1-2.el9_4.1
エラータID: AXSA:2024-8653:01
リリース日:
2024/08/14 Wednesday - 18:49
題名:
python3.11-setuptools-65.5.1-2.el9_4.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- pypa/setuptools の package_index モジュールには、
リモートの攻撃者により、利用者もしくはパッケージ
インデックスサーバーから取得した細工された URL
の処理を介して、任意のコマンドの実行を可能とする
脆弱性が存在します。(CVE-2024-6345)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
追加情報:
N/A
ダウンロード:
SRPMS
- python3.11-setuptools-65.5.1-2.el9_4.1.src.rpm
MD5: 5b38673a43a3ff33f9c6af1e17390afe
SHA-256: e8d6efb49519d60b5c900dbe784c75fd0e71d65df6c3cc4d512318d1ecbc5ae7
Size: 2.51 MB
Asianux Server 9 for x86_64
- python3.11-setuptools-65.5.1-2.el9_4.1.noarch.rpm
MD5: 163713fd4e1d4373a3a512a65db6cd8b
SHA-256: da5c7c296575c206295130db80e070a9d7075dd973b66659ec40c8d45504cb05
Size: 1.70 MB - python3.11-setuptools-wheel-65.5.1-2.el9_4.1.noarch.rpm
MD5: 709b9de30176d9a38b28d962962eaa41
SHA-256: 26fb9d9618dfa501964d5aeb5ba88b3e4de73462a946f9c4863fb164c44aa738
Size: 713.25 kB
English