python3-setuptools-39.2.0-10.0.1.el7.AXS7

エラータID: AXSA:2025-10847:01

Release date: 
Tuesday, September 16, 2025 - 10:38
Subject: 
python3-setuptools-39.2.0-10.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Setuptools is a collection of enhancements to the Python 3 distutils that allow
you to more easily build and distribute Python 3 packages, especially ones that
have dependencies on other packages.

This package also contains the runtime components of setuptools, necessary to
execute the software that requires pkg_resources.py.

Security Fix(es):

* CVE-2025-47273: fix path traversal vulnerability in PackageIndex

CVE(s):
CVE-2025-47273
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

Solution: 

Update packages.

CVEs: 
CVE-2025-47273
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. python3-setuptools-39.2.0-10.0.1.el7.AXS7.noarch.rpm
    MD5: a9bd0d603098602c8ad768e4ce2667b5
    SHA-256: 8d096f0173d54cbe40cb7bfde543a5885ecdfff6297e6c012961b850962f2c28
    Size: 628.67 kB