python3-setuptools-39.2.0-10.0.1.el7.AXS7
エラータID: AXSA:2025-10847:01
リリース日:
2025/09/16 Tuesday - 10:38
題名:
python3-setuptools-39.2.0-10.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- setuptools の PackageIndex には、パストラバーサル攻撃を許容
してしまう問題があるため、リモートの攻撃者により、任意のコードの
実行、および Python コードの実行権限による任意の場所へのファイルの
書き込みを可能とする脆弱性が存在します。(CVE-2025-47273)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-47273
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- python3-setuptools-39.2.0-10.0.1.el7.AXS7.noarch.rpm
MD5: a9bd0d603098602c8ad768e4ce2667b5
SHA-256: 8d096f0173d54cbe40cb7bfde543a5885ecdfff6297e6c012961b850962f2c28
Size: 628.67 kB
English