python3.11-setuptools-65.5.1-4.el8_10
エラータID: AXSA:2025-10503:01
リリース日:
2025/07/17 Thursday - 13:18
題名:
python3.11-setuptools-65.5.1-4.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- setuptools の PackageIndex には、パストラバーサル攻撃を許容
してしまう問題があるため、リモートの攻撃者により、任意のコードの
実行、および Python コードの実行権限による任意の場所へのファイルの
書き込みを可能とする脆弱性が存在します。(CVE-2025-47273)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-47273
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
追加情報:
N/A
ダウンロード:
SRPMS
- python3.11-setuptools-65.5.1-4.el8_10.src.rpm
MD5: 0e7843bdc1a7058379e267b63cbd4a27
SHA-256: 5b4142fd1ddd74354b829a4929297430f1affd02bb08a1cc56995c0becc7ab47
Size: 2.51 MB
Asianux Server 8 for x86_64
- python3.11-setuptools-65.5.1-4.el8_10.noarch.rpm
MD5: d6e2a87fb30ad23919ca306480b8d696
SHA-256: 838bfeb2b2d0a2972e945cbc11f0e79e20f12a0b0b10ef29b72ae57acb35ef69
Size: 1.96 MB - python3.11-setuptools-wheel-65.5.1-4.el8_10.noarch.rpm
MD5: f7041206a09684266f1041bfad08a355
SHA-256: 52bffba16ba30eadb9f9238919c725a3fdd7fa4440b57737273178e9cbbb3ed1
Size: 720.67 kB
English