python-setuptools-0.9.8-7.0.2.el7.AXS7
エラータID: AXSA:2025-10851:04
リリース日:
2025/09/16 Tuesday - 15:01
題名:
python-setuptools-0.9.8-7.0.2.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- setuptools の PackageIndex には、パストラバーサル攻撃を許容
してしまう問題があるため、リモートの攻撃者により、任意のコードの
実行、および Python コードの実行権限による任意の場所へのファイルの
書き込みを可能とする脆弱性が存在します。(CVE-2025-47273)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-47273
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- python-setuptools-0.9.8-7.0.2.el7.AXS7.noarch.rpm
MD5: 72ff816847ef4ede43c6a9296b4ed1a5
SHA-256: e63aa8800adb594bc16806d17988af2abdd4c9d1798d7774e2bbbd64789542bd
Size: 397.48 kB
English