Amazon Linux 2023 Security Advisory: ALAS-2024-757
Advisory Release Date: 2024-11-13 12:28 Pacific
Advisory Updated Date: 2024-11-14 11:00 Pacific
Severity:
Important
Issue Overview:
There is a MEDIUM severity vulnerability affecting CPython.
Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. (CVE-2024-6232)
Affected Packages:
python3.11
Issue Correction:
Run dnf update python3.11 --releasever 2023.6.20241111 to update your system.
New Packages:
aarch64:
python3.11-3.11.6-1.amzn2023.0.4.aarch64
python3.11-devel-3.11.6-1.amzn2023.0.4.aarch64
python3.11-tkinter-3.11.6-1.amzn2023.0.4.aarch64
python3.11-debug-3.11.6-1.amzn2023.0.4.aarch64
python3.11-idle-3.11.6-1.amzn2023.0.4.aarch64
python3.11-debugsource-3.11.6-1.amzn2023.0.4.aarch64
python3.11-debuginfo-3.11.6-1.amzn2023.0.4.aarch64
python3.11-libs-3.11.6-1.amzn2023.0.4.aarch64
python3.11-test-3.11.6-1.amzn2023.0.4.aarch64
src:
python3.11-3.11.6-1.amzn2023.0.4.src
x86_64:
python3.11-devel-3.11.6-1.amzn2023.0.4.x86_64
python3.11-tkinter-3.11.6-1.amzn2023.0.4.x86_64
python3.11-idle-3.11.6-1.amzn2023.0.4.x86_64
python3.11-3.11.6-1.amzn2023.0.4.x86_64
python3.11-debugsource-3.11.6-1.amzn2023.0.4.x86_64
python3.11-debug-3.11.6-1.amzn2023.0.4.x86_64
python3.11-debuginfo-3.11.6-1.amzn2023.0.4.x86_64
python3.11-libs-3.11.6-1.amzn2023.0.4.x86_64
python3.11-test-3.11.6-1.amzn2023.0.4.x86_64