ALAS-2018-1003

Related Vulnerabilities: CVE-2018-1060, CVE-2018-1061



Amazon Linux AMI Security Advisory: ALAS-2018-1003
Advisory Release Date: 2018-04-26 17:28 Pacific
Advisory Updated Date: 2018-05-03 22:35 Pacific
Severity: Medium

Issue Overview:

DoS via regular expression catastrophic backtracking in apop() method in pop3lib
The regular expression used by the apop() method in Python's pop3lib is subject to catastrophic backtracking. An attacker could use this flaw to cause denial of service. (CVE-2018-1060)

DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
The regular expression used by Python's difflib.IS_LINE_JUNK method is subject to catastrophic backtracking. An attacker could use this flaw to cause denial of service. (CVE-2018-1061)
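
Added example (not part of the advisory and not Amazon's or the Python project's own code): for the difflib case, it compares the default IS_LINE_JUNK pattern as it stood in upstream CPython before and after the fix, and times the installed difflib.IS_LINE_JUNK to confirm the update took effect. The two patterns come from upstream CPython rather than from this page; the probe line, sizes and time budget are constructed for illustration.

```python
import difflib
import re
import time

# Default `pat` of difflib.IS_LINE_JUNK in upstream CPython before and after
# the CVE-2018-1061 fix (taken from CPython, not from this advisory).
PRE_FIX = re.compile(r"\s*#?\s*$")
POST_FIX = re.compile(r"\s*(?:#\s*)?$")


def probe(n):
    """Constructed worst-case line: n whitespace characters, then a non-junk tail."""
    return "\t" * n + "##"


def seconds(match, line, repeat=3):
    """Best-of-`repeat` wall time for a single match attempt."""
    best = float("inf")
    for _ in range(repeat):
        start = time.perf_counter()
        match(line)
        best = min(best, time.perf_counter() - start)
    return best


def same_verdicts(lines):
    """True if both patterns classify every line identically (junk or not)."""
    return all(bool(PRE_FIX.match(s)) == bool(POST_FIX.match(s)) for s in lines)


def interpreter_is_patched(n=10000, budget=0.25):
    """Time the installed difflib.IS_LINE_JUNK on the probe line.

    Two adjacent \\s* runs make the pre-fix pattern retry every split of the
    whitespace (quadratic); the fixed pattern walks it once (linear), so only
    an unpatched interpreter exceeds the budget (assumed value, in seconds).
    """
    return seconds(difflib.IS_LINE_JUNK, probe(n), repeat=1) < budget


if __name__ == "__main__":
    for n in (500, 1000, 2000):
        print(n, "pre-fix %.4fs" % seconds(PRE_FIX.match, probe(n)),
              "post-fix %.6fs" % seconds(POST_FIX.match, probe(n)))
    print("installed difflib patched:", interpreter_is_patched())
```

Run it with each interpreter named under Affected Packages (python27, python34, python35, python36) after the update; on an unpatched interpreter the final check takes a few seconds and reports False.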


Affected Packages:

python34, python35, python36, python27


Issue Correction:
Run yum update python34 to update your system.
Run yum update python35 to update your system.
Run yum update python36 to update your system.

New Packages:
i686:
    python34-test-3.4.8-1.39.amzn1.i686
    python34-devel-3.4.8-1.39.amzn1.i686
    python34-libs-3.4.8-1.39.amzn1.i686
    python34-debuginfo-3.4.8-1.39.amzn1.i686
    python34-tools-3.4.8-1.39.amzn1.i686
    python34-3.4.8-1.39.amzn1.i686
    python35-tools-3.5.5-1.12.amzn1.i686
    python35-test-3.5.5-1.12.amzn1.i686
    python35-devel-3.5.5-1.12.amzn1.i686
    python35-3.5.5-1.12.amzn1.i686
    python35-debuginfo-3.5.5-1.12.amzn1.i686
    python35-libs-3.5.5-1.12.amzn1.i686
    python36-devel-3.6.5-1.9.amzn1.i686
    python36-debug-3.6.5-1.9.amzn1.i686
    python36-test-3.6.5-1.9.amzn1.i686
    python36-debuginfo-3.6.5-1.9.amzn1.i686
    python36-libs-3.6.5-1.9.amzn1.i686
    python36-3.6.5-1.9.amzn1.i686
    python36-tools-3.6.5-1.9.amzn1.i686
    python27-libs-2.7.14-1.123.amzn1.i686
    python27-2.7.14-1.123.amzn1.i686
    python27-debuginfo-2.7.14-1.123.amzn1.i686
    python27-test-2.7.14-1.123.amzn1.i686
    python27-devel-2.7.14-1.123.amzn1.i686
    python27-tools-2.7.14-1.123.amzn1.i686

src:
    python34-3.4.8-1.39.amzn1.src
    python35-3.5.5-1.12.amzn1.src
    python36-3.6.5-1.9.amzn1.src
    python27-2.7.14-1.123.amzn1.src

x86_64:
    python34-tools-3.4.8-1.39.amzn1.x86_64
    python34-libs-3.4.8-1.39.amzn1.x86_64
    python34-debuginfo-3.4.8-1.39.amzn1.x86_64
    python34-test-3.4.8-1.39.amzn1.x86_64
    python34-3.4.8-1.39.amzn1.x86_64
    python34-devel-3.4.8-1.39.amzn1.x86_64
    python35-devel-3.5.5-1.12.amzn1.x86_64
    python35-3.5.5-1.12.amzn1.x86_64
    python35-debuginfo-3.5.5-1.12.amzn1.x86_64
    python35-test-3.5.5-1.12.amzn1.x86_64
    python35-libs-3.5.5-1.12.amzn1.x86_64
    python35-tools-3.5.5-1.12.amzn1.x86_64
    python36-tools-3.6.5-1.9.amzn1.x86_64
    python36-test-3.6.5-1.9.amzn1.x86_64
    python36-devel-3.6.5-1.9.amzn1.x86_64
    python36-3.6.5-1.9.amzn1.x86_64
    python36-debug-3.6.5-1.9.amzn1.x86_64
    python36-debuginfo-3.6.5-1.9.amzn1.x86_64
    python36-libs-3.6.5-1.9.amzn1.x86_64
    python27-debuginfo-2.7.14-1.123.amzn1.x86_64
    python27-libs-2.7.14-1.123.amzn1.x86_64
    python27-test-2.7.14-1.123.amzn1.x86_64
    python27-tools-2.7.14-1.123.amzn1.x86_64
    python27-devel-2.7.14-1.123.amzn1.x86_64
    python27-2.7.14-1.123.amzn1.x86_64