ALAS2023-2023-116


Amazon Linux 2023 Security Advisory: ALAS-2023-116
Advisory Release Date: 2023-03-06 17:50 Pacific
Advisory Updated Date: 2023-03-08 00:51 Pacific
Severity: Medium

Issue Overview:

A flaw was found in Python. int(text) uses an algorithm with quadratic time complexity for non-binary bases, so a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. (CVE-2020-10735)

An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. (CVE-2023-24329)
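
For CVE-2023-24329, a URL filter that normalizes its input before parsing and fails closed does not depend on the interpreter's patch level. The following is an added example, not part of the advisory; the function names, ALLOWED_SCHEMES, and the blocked.example host are constructed for illustration.

```python
# Added example (not from the advisory): fail-closed URL filtering that
# behaves the same with or without the CVE-2023-24329 fix.
from urllib.parse import urlsplit

# Leading/trailing C0 control characters and space (0x00-0x20) are stripped
# by browsers and many HTTP clients before the URL is used.
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))

ALLOWED_SCHEMES = {"http", "https"}
BLOCKED_HOSTS = {"blocked.example"}  # constructed sample blocklist


def naive_is_allowed(url):
    """Check the raw string. For a blank-prefixed URL an unfixed urlsplit()
    returns no hostname, so the blocklist never matches."""
    return urlsplit(url).hostname not in BLOCKED_HOSTS


def is_allowed(url):
    """Normalize, then require a known scheme and a non-blocked host."""
    cleaned = url.strip(_C0_AND_SPACE)
    # Drop embedded tab/CR/LF explicitly so every interpreter version
    # sees the same string the downstream client would act on.
    for ch in "\t\r\n":
        cleaned = cleaned.replace(ch, "")
    try:
        parts = urlsplit(cleaned)
        host = parts.hostname
    except ValueError:
        return False  # unparseable input is rejected
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False  # fail closed: no scheme or host means no decision
    host = host.rstrip(".").lower()
    return not any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)
```

naive_is_allowed() is included only for comparison; its result for a blank-prefixed URL varies with the installed Python build, while is_allowed() does not.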


Affected Packages:

python3.9


Issue Correction:
Run dnf update python3.9 --releasever=2023.0.20230308 to update your system.

New Packages:
aarch64:
    python3-3.9.16-1.amzn2023.0.3.aarch64
    python3-devel-3.9.16-1.amzn2023.0.3.aarch64
    python3-tkinter-3.9.16-1.amzn2023.0.3.aarch64
    python3-idle-3.9.16-1.amzn2023.0.3.aarch64
    python3.9-debugsource-3.9.16-1.amzn2023.0.3.aarch64
    python3-debug-3.9.16-1.amzn2023.0.3.aarch64
    python3.9-debuginfo-3.9.16-1.amzn2023.0.3.aarch64
    python3-libs-3.9.16-1.amzn2023.0.3.aarch64
    python3-test-3.9.16-1.amzn2023.0.3.aarch64

noarch:
    python-unversioned-command-3.9.16-1.amzn2023.0.3.noarch

src:
    python3.9-3.9.16-1.amzn2023.0.3.src

x86_64:
    python3-3.9.16-1.amzn2023.0.3.x86_64
    python3-tkinter-3.9.16-1.amzn2023.0.3.x86_64
    python3-devel-3.9.16-1.amzn2023.0.3.x86_64
    python3-idle-3.9.16-1.amzn2023.0.3.x86_64
    python3.9-debugsource-3.9.16-1.amzn2023.0.3.x86_64
    python3-debug-3.9.16-1.amzn2023.0.3.x86_64
    python3.9-debuginfo-3.9.16-1.amzn2023.0.3.x86_64
    python3-libs-3.9.16-1.amzn2023.0.3.x86_64
    python3-test-3.9.16-1.amzn2023.0.3.x86_64