Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-14647

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM.(CVE-2018-14647)

Source

ALAS-2018-1101

Amazon Linux AMI Security Advisory: ALAS-2018-1101
Advisory Release Date: 2018-11-05 21:47 Pacific
Advisory Updated Date: 2018-11-08 01:01 Pacific

Severity: Medium

References: CVE-2018-14647

Issue Overview:

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM.(CVE-2018-14647)

Affected Packages:

python35

Issue Correction:
Run yum update python35 to update your system.

New Packages:

i686:
    python35-libs-3.5.6-1.13.amzn1.i686
    python35-test-3.5.6-1.13.amzn1.i686
    python35-debuginfo-3.5.6-1.13.amzn1.i686
    python35-3.5.6-1.13.amzn1.i686
    python35-devel-3.5.6-1.13.amzn1.i686
    python35-tools-3.5.6-1.13.amzn1.i686

src:
    python35-3.5.6-1.13.amzn1.src

x86_64:
    python35-debuginfo-3.5.6-1.13.amzn1.x86_64
    python35-tools-3.5.6-1.13.amzn1.x86_64
    python35-3.5.6-1.13.amzn1.x86_64
    python35-devel-3.5.6-1.13.amzn1.x86_64
    python35-test-3.5.6-1.13.amzn1.x86_64
    python35-libs-3.5.6-1.13.amzn1.x86_64

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS-2018-1101

ALAS-2018-1101

Vulmon Search

About

Products

Connect