Amazon Linux 2 Security Advisory: ALASPYTHON3.8-2023-003
Advisory Release Date: 2023-08-21 21:00 Pacific
Advisory Updated Date: 2023-09-25 22:04 Pacific
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. (CVE-2022-40897)
Affected Packages:
python38-setuptools
Issue Correction:
Run yum update python38-setuptools to update your system.
noarch:
python38-setuptools-38.4.0-4.amzn2.0.2.noarch
src:
python38-setuptools-38.4.0-4.amzn2.0.2.src