python3.12-setuptools-68.2.2-4.el8_10
エラータID: AXSA:2024-8682:01
リリース日:
2024/08/20 Tuesday - 14:52
題名:
python3.12-setuptools-68.2.2-4.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- pypa/setuptools の package_index モジュールには、
リモートの攻撃者により、利用者もしくはパッケージ
インデックスサーバーから取得した細工された URL
の処理を介して、任意のコマンドの実行を可能とする
脆弱性が存在します。(CVE-2024-6345)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
追加情報:
N/A
ダウンロード:
SRPMS
- python3.12-setuptools-68.2.2-4.el8_10.src.rpm
MD5: f7886e08c85ed3d6c5886e36c552bcb2
SHA-256: 73bba5b0abf06146083a320ff9bc62f1e5449e26523abdbce9f564998ca371df
Size: 2.11 MB
Asianux Server 8 for x86_64
- python3.12-setuptools-68.2.2-4.el8_10.noarch.rpm
MD5: 20487e565530c462a1a1171f1a567a31
SHA-256: b8642a0833781d2a7460bca6be6342f3391c5aa46cc103881fdd8e61b6cc1727
Size: 1.72 MB - python3.12-setuptools-wheel-68.2.2-4.el8_10.noarch.rpm
MD5: dbf0c1263a1f92dcd38ddaaa0788f59d
SHA-256: 3b1dc541968d024937fae8798fde9907206a421f4e1dad8d403a6546c4fc87a5
Size: 675.97 kB
English