Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:5530

Опубликовано: 21 авг. 2024
Источник: rocky
Оценка: Important

Описание

Important: python-setuptools security update

The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages.

Security Fix(es):

  • pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
platform-python-setuptoolsnoarch8.el8_10platform-python-setuptools-39.2.0-8.el8_10.noarch.rpm
python3-setuptoolsnoarch8.el8_10python3-setuptools-39.2.0-8.el8_10.noarch.rpm
python3-setuptools-wheelnoarch8.el8_10python3-setuptools-wheel-39.2.0-8.el8_10.noarch.rpm

Показывать по

Связанные CVE

CVE-2024-6345

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2024-6345

CVSS3: 8.8
ubuntu
11 месяцев назад

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

redhat логотип

CVE-2024-6345

CVSS3: 8.8
redhat
11 месяцев назад

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

nvd логотип

CVE-2024-6345

CVSS3: 8.8
nvd
11 месяцев назад

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

msrc логотип

CVE-2024-6345

CVSS3: 8.8
msrc
8 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-6345

CVSS3: 8.8
debian
11 месяцев назад

A vulnerability in the package_index module of pypa/setuptools version ...