python3.11-setuptools-65.5.1-3.el8_10
エラータID: AXSA:2024-8681:02
リリース日:
2024/08/20 Tuesday - 11:26
題名:
python3.11-setuptools-65.5.1-3.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- pypa/setuptools の package_index モジュールには、
リモートの攻撃者により、利用者もしくはパッケージ
インデックスサーバーから取得した細工された URL
の処理を介して、任意のコマンドの実行を可能とする
脆弱性が存在します。(CVE-2024-6345)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
追加情報:
N/A
ダウンロード:
SRPMS
- python3.11-setuptools-65.5.1-3.el8_10.src.rpm
MD5: cb34b6b7b6033d034641d70bfd959b05
SHA-256: c5a3b6d4924beee1e1d68bc823e0a5352bb7de9b9a31d4c0d6b0bc76f879a636
Size: 2.51 MB
Asianux Server 8 for x86_64
- python3.11-setuptools-65.5.1-3.el8_10.noarch.rpm
MD5: a858f180cf84a553a6db9876935cd203
SHA-256: bd190d7ff57cc9a8185872f1aa951a981ebfc5bc5a4fde04d91f170e3770b371
Size: 1.96 MB - python3.11-setuptools-wheel-65.5.1-3.el8_10.noarch.rpm
MD5: 18e4fc1e9682d257f8f15e78e91c7918
SHA-256: f4dc4d7d254ddbc2fe5ed124c9d85ace9b9735e2dc4ffdf4c2eae8bf512c7f3c
Size: 720.51 kB
English