python3.12-setuptools-68.2.2-5.el9_6
エラータID: AXSA:2025-10714:02
リリース日:
2025/08/07 Thursday - 17:13
題名:
python3.12-setuptools-68.2.2-5.el9_6
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- setuptools の PackageIndex には、パストラバーサル攻撃を許容
してしまう問題があるため、リモートの攻撃者により、任意のコードの
実行、および Python コードの実行権限による任意の場所へのファイルの
書き込みを可能とする脆弱性が存在します。(CVE-2025-47273)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-47273
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
追加情報:
N/A
ダウンロード:
SRPMS
- python3.12-setuptools-68.2.2-5.el9_6.src.rpm
MD5: 6e403f294179e51dfae99656343540b6
SHA-256: 28d84ac1de8f4dd86ba3462f536ecce79557dead0a5fd9dc8c6ba0fe9d5c2a63
Size: 2.12 MB
Asianux Server 9 for x86_64
- python3.12-setuptools-68.2.2-5.el9_6.noarch.rpm
MD5: 60d55ba32a948d307c2cea1885189a79
SHA-256: 1959ea8c85b1920f9266dedc27fe534118a6dc79d54373c1d14bcdd66b942fae
Size: 1.57 MB - python3.12-setuptools-wheel-68.2.2-5.el9_6.noarch.rpm
MD5: ebd94c02ed24e952ad3bffb123f0873e
SHA-256: 14c41e65fb2ec5f670d129c21d499c8a936fcbfa975af25026124d12b0766f19
Size: 669.02 kB
English