python3.11-setuptools-65.5.1-4.el9_6
エラータID: AXSA:2025-10739:02
リリース日:
2025/08/14 Thursday - 11:31
題名:
python3.11-setuptools-65.5.1-4.el9_6
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- setuptools の PackageIndex には、パストラバーサル攻撃を許容
してしまう問題があるため、リモートの攻撃者により、任意のコードの
実行、および Python コードの実行権限による任意の場所へのファイル
の書き込みを可能とする脆弱性が存在します。(CVE-2025-47273)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-47273
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
追加情報:
N/A
ダウンロード:
SRPMS
- python3.11-setuptools-65.5.1-4.el9_6.src.rpm
MD5: f52cfae2f0380c1dc23fb981cf135825
SHA-256: 2df13f700a13ce32dea535d6c490fd64bb165148e0715a1f32cf4042a853c181
Size: 2.51 MB
Asianux Server 9 for x86_64
- python3.11-setuptools-65.5.1-4.el9_6.noarch.rpm
MD5: b9aad8cfc743455e21db2ca5955487ae
SHA-256: 34f20b847c97df89d53c86941585f2691d865a026d5d9365f2f5c1d415546f83
Size: 1.70 MB - python3.11-setuptools-wheel-65.5.1-4.el9_6.noarch.rpm
MD5: 030eef18946418e94c41ea75bc8bb9c0
SHA-256: a566b966334f6a3f09123fb1081ccd4c2b9d03ed37429ba89f1abac09fddea67
Size: 711.94 kB
English