python-setuptools-53.0.0-12.el9_4.1
エラータID: AXSA:2024-8685:02
リリース日:
2024/08/20 Tuesday - 15:11
題名:
python-setuptools-53.0.0-12.el9_4.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- pypa/setuptools の package_index モジュールには、
リモートの攻撃者により、利用者もしくはパッケージ
インデックスサーバーから取得した細工された URL
の処理を介して、任意のコマンドの実行を可能とする
脆弱性が存在します。(CVE-2024-6345)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
追加情報:
N/A
ダウンロード:
SRPMS
- python-setuptools-53.0.0-12.el9_4.1.src.rpm
MD5: 9b5545551ba144e9e203dc0c6bb5d623
SHA-256: 680076df934d400b0c5d05facf62bea28d9205ee88b935ad5d3ff7952f24bc4a
Size: 1.98 MB
Asianux Server 9 for x86_64
- python3-setuptools-53.0.0-12.el9_4.1.noarch.rpm
MD5: 6f7cfaa6def1fdf1b326e3271bc58352
SHA-256: 42fd0284ea4ca4c3c59f989dfd2ba36e0d171a0ff308cd008878b720f785074b
Size: 940.44 kB - python3-setuptools-wheel-53.0.0-12.el9_4.1.noarch.rpm
MD5: 1e1580ce783e15a5df7c10dce0cb0e08
SHA-256: 6334ce9eb7979c21a26fb36606c50b46888989d72fa37e4740fd8a5b533e23c0
Size: 466.94 kB