python-setuptools-0.9.8-7.0.1.el7.AXS7
エラータID: AXSA:2024-9025:03
リリース日:
2024/11/19 Tuesday - 09:22
題名:
python-setuptools-0.9.8-7.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- pypa/setuptools の package_index モジュールには、リモート
の攻撃者により、利用者もしくはパッケージインデックス
サーバーから取得した細工された URL の処理を介して、任意
のコマンドの実行を可能とする脆弱性が存在します。
(CVE-2024-6345)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- python-setuptools-0.9.8-7.0.1.el7.AXS7.noarch.rpm
MD5: def0a704b99059bb14e185b48916eee6
SHA-256: 8d24320247210f93a82d5101e7ce0d1ab784c14b00d86342adb0c7101d661205
Size: 396.96 kB
English