Amazon Linux 2 Security Advisory: ALASPYTHON3.8-2023-005
Advisory Release Date: 2023-08-21 21:00 Pacific
Advisory Updated Date: 2023-09-25 22:04 Pacific
A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack and crash the application. The highest threat from this vulnerability is to system availability. (CVE-2021-3177)
Affected Packages:
python38
Note:
This advisory is applicable to Amazon Linux 2 - Python3.8 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update python38 to update your system.
aarch64:
python38-3.8.5-1.amzn2.0.2.aarch64
python38-libs-3.8.5-1.amzn2.0.2.aarch64
python38-devel-3.8.5-1.amzn2.0.2.aarch64
python38-tools-3.8.5-1.amzn2.0.2.aarch64
python38-tkinter-3.8.5-1.amzn2.0.2.aarch64
python38-test-3.8.5-1.amzn2.0.2.aarch64
python38-debug-3.8.5-1.amzn2.0.2.aarch64
python38-debuginfo-3.8.5-1.amzn2.0.2.aarch64
src:
python38-3.8.5-1.amzn2.0.2.src
x86_64:
python38-3.8.5-1.amzn2.0.2.x86_64
python38-libs-3.8.5-1.amzn2.0.2.x86_64
python38-devel-3.8.5-1.amzn2.0.2.x86_64
python38-tools-3.8.5-1.amzn2.0.2.x86_64
python38-tkinter-3.8.5-1.amzn2.0.2.x86_64
python38-test-3.8.5-1.amzn2.0.2.x86_64
python38-debug-3.8.5-1.amzn2.0.2.x86_64
python38-debuginfo-3.8.5-1.amzn2.0.2.x86_64