python-setuptools security update

2024-08-2114:52:19

Rockylinux Product Errata

errata.rockylinux.org

python-setuptools

security update

rocky linux 8

remote code execution

cvss

cve

vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

JSON

An update is available for python-setuptools.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages.

Security Fix(es):

pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
rocky8noarchplatform-python-setuptools< 39.2.0-8.el8_10platform-python-setuptools-0:39.2.0-8.el8_10.noarch.rpm
rocky8noarchpython3-setuptools< 39.2.0-8.el8_10python3-setuptools-0:39.2.0-8.el8_10.noarch.rpm
rocky8noarchpython3-setuptools-wheel< 39.2.0-8.el8_10python3-setuptools-wheel-0:39.2.0-8.el8_10.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
rocky	8	noarch	platform-python-setuptools	< 39.2.0-8.el8_10	platform-python-setuptools-0:39.2.0-8.el8_10.noarch.rpm
rocky	8	noarch	python3-setuptools	< 39.2.0-8.el8_10	python3-setuptools-0:39.2.0-8.el8_10.noarch.rpm
rocky	8	noarch	python3-setuptools-wheel	< 39.2.0-8.el8_10	python3-setuptools-wheel-0:39.2.0-8.el8_10.noarch.rpm