- Issued:
- 2024-09-12
- Updated:
- 2024-09-12
RHSA-2024:6661 - Security Advisory
Synopsis
Important: python3-setuptools security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for python3-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7-ELS Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
- Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le
Fixes
- BZ - 2297771 - CVE-2024-6345 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools
CVEs
Red Hat Enterprise Linux Server - Extended Life Cycle Support 7
| SRPM | |
|---|---|
| python3-setuptools-39.2.0-10.el7_9.1.src.rpm | SHA-256: fad7d9e82380c2d8fdd0ec93474e924dc8de74f5f120b4ad9cbb9eccab6b68fb |
| x86_64 | |
| python3-setuptools-39.2.0-10.el7_9.1.noarch.rpm | SHA-256: 18b92910a67f3e2dc03c6d2d99b5bc9de1e7e5cb326a22d23a05e30e2ca60ed4 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7
| SRPM | |
|---|---|
| python3-setuptools-39.2.0-10.el7_9.1.src.rpm | SHA-256: fad7d9e82380c2d8fdd0ec93474e924dc8de74f5f120b4ad9cbb9eccab6b68fb |
| s390x | |
| python3-setuptools-39.2.0-10.el7_9.1.noarch.rpm | SHA-256: 18b92910a67f3e2dc03c6d2d99b5bc9de1e7e5cb326a22d23a05e30e2ca60ed4 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7
| SRPM | |
|---|---|
| python3-setuptools-39.2.0-10.el7_9.1.src.rpm | SHA-256: fad7d9e82380c2d8fdd0ec93474e924dc8de74f5f120b4ad9cbb9eccab6b68fb |
| ppc64 | |
| python3-setuptools-39.2.0-10.el7_9.1.noarch.rpm | SHA-256: 18b92910a67f3e2dc03c6d2d99b5bc9de1e7e5cb326a22d23a05e30e2ca60ed4 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7
| SRPM | |
|---|---|
| python3-setuptools-39.2.0-10.el7_9.1.src.rpm | SHA-256: fad7d9e82380c2d8fdd0ec93474e924dc8de74f5f120b4ad9cbb9eccab6b68fb |
| ppc64le | |
| python3-setuptools-39.2.0-10.el7_9.1.noarch.rpm | SHA-256: 18b92910a67f3e2dc03c6d2d99b5bc9de1e7e5cb326a22d23a05e30e2ca60ed4 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
