ALAS2-2023-2010


Amazon Linux 2 Security Advisory: ALAS-2023-2010
Advisory Release Date: 2023-03-30 18:56 Pacific
Advisory Updated Date: 2023-04-04 22:10 Pacific
Severity: Medium

Issue Overview:

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. (CVE-2021-42771)
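The traversal pattern described above next to a hardened resolver, as an added example that is not Babel's code and not part of this advisory. The function names, the identifier regex and the sample inputs are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: identifiers look like "en", "en_US", "zh_Hans_CN" (letters/digits, "_" separators).
_LOCALE_ID = re.compile(r"[A-Za-z]{2,3}(?:_[A-Za-z0-9]{2,8})*")


def unsafe_locale_path(base_dir, name):
    """Vulnerable pattern: a caller-supplied name is joined into the path unchecked."""
    return os.path.join(base_dir, name + ".dat")


def escapes_base(base_dir, path):
    """True if path resolves (symlinks and ".." included) outside base_dir."""
    base = os.path.realpath(base_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) != base


def safe_locale_path(base_dir, name):
    """Return the .dat path for name; raise ValueError on anything suspicious."""
    # Layer 1: allow-list the identifier; fullmatch also rejects a trailing newline.
    if not isinstance(name, str) or not _LOCALE_ID.fullmatch(name):
        raise ValueError("invalid locale identifier: %r" % (name,))
    path = os.path.join(base_dir, name + ".dat")
    # Layer 2: confine the resolved path, which catches a symlinked .dat file.
    if escapes_base(base_dir, path):
        raise ValueError("locale file is outside the data directory: %r" % (name,))
    return path


def demo():
    """Map each constructed input to (unsafe path escapes?, safe resolver accepts?)."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "locale-data")
        os.mkdir(base)
        for name in ["en_US", "zh_Hans_CN", "../outside/file", "/tmp/file", "en_US\n"]:
            escaped = escapes_base(base, unsafe_locale_path(base, name))
            try:
                safe_locale_path(base, name)
                accepted = True
            except ValueError:
                accepted = False
            results[name] = (escaped, accepted)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(repr(name), outcome)
```

Validating locale names in calling code complements the package update under Issue Correction and does not replace it.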


Affected Packages:

babel


Note:

This advisory applies to the Amazon Linux 2 (AL2) Core repository. See the FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update babel to update your system.

New Packages:
noarch:
    babel-0.9.6-8.amzn2.0.2.noarch
    python-babel-0.9.6-8.amzn2.0.2.noarch

src:
    babel-0.9.6-8.amzn2.0.2.src