python3.12-setuptools-68.2.2-5.el8_10
エラータID: AXSA:2025-10501:01
リリース日:
2025/07/17 Thursday - 12:05
題名:
python3.12-setuptools-68.2.2-5.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- setuptools の PackageIndex には、パストラバーサル攻撃を許容
してしまう問題があるため、リモートの攻撃者により、任意のコードの
実行、および Python コードの実行権限による任意の場所へのファイルの
書き込みを可能とする脆弱性が存在します。(CVE-2025-47273)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-47273
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
追加情報:
N/A
ダウンロード:
SRPMS
- python3.12-setuptools-68.2.2-5.el8_10.src.rpm
MD5: 962ae4aa3fd59e17ce619ebeabd619c7
SHA-256: c082e539095875d9894d6d2e4b6e2394d4af270872dfd6ec7f750b212dc37352
Size: 2.11 MB
Asianux Server 8 for x86_64
- python3.12-setuptools-68.2.2-5.el8_10.noarch.rpm
MD5: 6b317d0138571120b120be3047e6ac8f
SHA-256: 56c47988c77a12c60e0afd9626146dc3a71f9c94b5abca33cd1fae3be95bfdbb
Size: 1.72 MB - python3.12-setuptools-wheel-68.2.2-5.el8_10.noarch.rpm
MD5: c680ccef4edc538ef288f2fe14191531
SHA-256: cf5f188e0f22c1b60d5d6f04eede3a4ae383fc6bbd0c8a368040e009fe2f8882
Size: 676.18 kB
English