Amazon Linux 2 Security Advisory: ALASANSIBLE2-2024-011
Advisory Release Date: 2024-06-19 20:39 Pacific
Advisory Updated Date: 2024-06-24 11:30 Pacific
Severity:
Important
Issue Overview:
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. (CVE-2013-7459)
Affected Packages:
python-crypto
Note:
This advisory is applicable to Amazon Linux 2 - Ansible2 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update python-crypto to update your system.
New Packages:
aarch64:
python2-crypto-2.6.1-13.amzn2.0.3.aarch64
python-crypto-debuginfo-2.6.1-13.amzn2.0.3.aarch64
i686:
python2-crypto-2.6.1-13.amzn2.0.3.i686
python-crypto-debuginfo-2.6.1-13.amzn2.0.3.i686
src:
python-crypto-2.6.1-13.amzn2.0.3.src
x86_64:
python2-crypto-2.6.1-13.amzn2.0.3.x86_64
python-crypto-debuginfo-2.6.1-13.amzn2.0.3.x86_64