Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:5279

Опубликовано: 21 авг. 2024
Источник: rocky
Оценка: Important

Описание

Important: python3.11-setuptools security update

Setuptools is a collection of enhancements to the Python 3 distutils that allow you to more easily build and distribute Python 3 packages, especially ones that have dependencies on other packages. This package also contains the runtime components of setuptools, necessary to execute the software that requires pkg_resources.

Security Fix(es):

  • pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
python3.11-setuptoolsnoarch2.el9_4.1python3.11-setuptools-65.5.1-2.el9_4.1.noarch.rpm
python3.11-setuptools-wheelnoarch2.el9_4.1python3.11-setuptools-wheel-65.5.1-2.el9_4.1.noarch.rpm

Показывать по

Связанные CVE

CVE-2024-6345

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2024-6345

CVSS3: 8.8
ubuntu
11 месяцев назад

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

redhat логотип

CVE-2024-6345

CVSS3: 8.8
redhat
11 месяцев назад

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

nvd логотип

CVE-2024-6345

CVSS3: 8.8
nvd
11 месяцев назад

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

msrc логотип

CVE-2024-6345

CVSS3: 8.8
msrc
8 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-6345

CVSS3: 8.8
debian
11 месяцев назад

A vulnerability in the package_index module of pypa/setuptools version ...