- Issued:
- 2024-09-12
- Updated:
- 2024-09-12
RHSA-2024:6662 - Security Advisory
Synopsis
Important: python-setuptools security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for python-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7-ELS Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
- Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le
Fixes
- BZ - 2297771 - CVE-2024-6345 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools
CVEs
Red Hat Enterprise Linux Server - Extended Life Cycle Support 7
| SRPM | |
|---|---|
| python-setuptools-0.9.8-7.el7_9.1.src.rpm | SHA-256: 7608b0d162a0f4b3f0db26f36736d30fa18e1ca8a18123c0d01cec09ec142e63 |
| x86_64 | |
| python-setuptools-0.9.8-7.el7_9.1.noarch.rpm | SHA-256: 18ce2c0292673a12a46e116ff7b45e2685573b50ed70112cd0d8b0bf89b2e4a7 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7
| SRPM | |
|---|---|
| python-setuptools-0.9.8-7.el7_9.1.src.rpm | SHA-256: 7608b0d162a0f4b3f0db26f36736d30fa18e1ca8a18123c0d01cec09ec142e63 |
| s390x | |
| python-setuptools-0.9.8-7.el7_9.1.noarch.rpm | SHA-256: 18ce2c0292673a12a46e116ff7b45e2685573b50ed70112cd0d8b0bf89b2e4a7 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7
| SRPM | |
|---|---|
| python-setuptools-0.9.8-7.el7_9.1.src.rpm | SHA-256: 7608b0d162a0f4b3f0db26f36736d30fa18e1ca8a18123c0d01cec09ec142e63 |
| ppc64 | |
| python-setuptools-0.9.8-7.el7_9.1.noarch.rpm | SHA-256: 18ce2c0292673a12a46e116ff7b45e2685573b50ed70112cd0d8b0bf89b2e4a7 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7
| SRPM | |
|---|---|
| python-setuptools-0.9.8-7.el7_9.1.src.rpm | SHA-256: 7608b0d162a0f4b3f0db26f36736d30fa18e1ca8a18123c0d01cec09ec142e63 |
| ppc64le | |
| python-setuptools-0.9.8-7.el7_9.1.noarch.rpm | SHA-256: 18ce2c0292673a12a46e116ff7b45e2685573b50ed70112cd0d8b0bf89b2e4a7 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
