Security update for python39-setuptools SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:01723-1 Final 1 1 2025-05-28T11:08:22Z current 2025-05-28T11:08:22Z 2025-05-28T11:08:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python39-setuptools This update for python39-setuptools fixes the following issues: - CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1723,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1723,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1723,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1723,SUSE-Storage-7.1-2025-1723,openSUSE-SLE-15.6-2025-1723 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202501723-1/ Link for SUSE-SU-2025:01723-1 https://lists.suse.com/pipermail/sle-updates/2025-May/039363.html E-Mail link for SUSE-SU-2025:01723-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1243313 SUSE Bug 1243313 https://www.suse.com/security/cve/CVE-2025-47273/ SUSE CVE CVE-2025-47273 page SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP3 openSUSE Leap 15.6 python39-setuptools-44.1.1-150300.7.12.1 python39-setuptools-44.1.1-150300.7.12.1 as a component of SUSE Enterprise Storage 7.1 python39-setuptools-44.1.1-150300.7.12.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS python39-setuptools-44.1.1-150300.7.12.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS python39-setuptools-44.1.1-150300.7.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 python39-setuptools-44.1.1-150300.7.12.1 as a component of openSUSE Leap 15.6 setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue. CVE-2025-47273 SUSE Enterprise Storage 7.1:python39-setuptools-44.1.1-150300.7.12.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python39-setuptools-44.1.1-150300.7.12.1 SUSE Linux Enterprise Server 15 SP3-LTSS:python39-setuptools-44.1.1-150300.7.12.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:python39-setuptools-44.1.1-150300.7.12.1 openSUSE Leap 15.6:python39-setuptools-44.1.1-150300.7.12.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501723-1/ https://www.suse.com/security/cve/CVE-2025-47273.html CVE-2025-47273 https://bugzilla.suse.com/1243313 SUSE Bug 1243313