python3.12-setuptools-68.2.2-3.el9_4.1
エラータID: AXSA:2024-8684:02
リリース日:
2024/08/20 Tuesday - 15:09
題名:
python3.12-setuptools-68.2.2-3.el9_4.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- pypa/setuptools の package_index モジュールには、
リモートの攻撃者により、利用者もしくはパッケージ
インデックスサーバーから取得した細工された URL
の処理を介して、任意のコマンドの実行を可能とする
脆弱性が存在します。(CVE-2024-6345)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
追加情報:
N/A
ダウンロード:
SRPMS
- python3.12-setuptools-68.2.2-3.el9_4.1.src.rpm
MD5: 727822f6cfdead3ba244cb49748edfab
SHA-256: 373ef517701150207d6db7a6af36565ba30e4feea53c629863516839b69b948d
Size: 2.12 MB
Asianux Server 9 for x86_64
- python3.12-setuptools-68.2.2-3.el9_4.1.noarch.rpm
MD5: 2e9ce6654668caaa86b94588f1e83189
SHA-256: 334e4c10cb6f92be6497c7d65a8543a65a2f9c27d0aa621ec1a71002e35b0003
Size: 1.57 MB - python3.12-setuptools-wheel-68.2.2-3.el9_4.1.noarch.rpm
MD5: 88478907265b1c5973d3895cda6388d4
SHA-256: 71d8b03856432fae6e97c2e247820437dfee80c4effe1b0c858821ab883e0d0d
Size: 668.90 kB
English