python-setuptools-53.0.0-13.el9_6.1
エラータID: AXSA:2025-10622:03
リリース日:
2025/07/29 Tuesday - 11:00
題名:
python-setuptools-53.0.0-13.el9_6.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- setuptools の PackageIndex には、パストラバーサル攻撃を許容
してしまう問題があるため、リモートの攻撃者により、任意のコードの
実行、および Python コードの実行権限による任意の場所へのファイルの
書き込みを可能とする脆弱性が存在します。(CVE-2025-47273)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-47273
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
追加情報:
N/A
ダウンロード:
SRPMS
- python-setuptools-53.0.0-13.el9_6.1.src.rpm
MD5: 3298cd7c37a199a329ca9848540ade4b
SHA-256: 667ec793aad7a3928d740b3c02e65417d74e18cb660eb83b64a8c165d5363de4
Size: 1.98 MB
Asianux Server 9 for x86_64
- python3-setuptools-53.0.0-13.el9_6.1.noarch.rpm
MD5: 3370d6b48b2c2bbeea7cea212c2c1a73
SHA-256: 5f539f591ae862520b5e368fc3ace3d24302f1a4844539c40e6f6fa021b66012
Size: 940.01 kB - python3-setuptools-wheel-53.0.0-13.el9_6.1.noarch.rpm
MD5: 4b02e462ee8f0060a53f59f154bd82c5
SHA-256: 7ad7fb8828d3a36c286950b933ba8efe25671b9bee278658b613b25e15a1752c
Size: 466.85 kB
English