Amazon Linux 2023 Security Advisory: ALAS-2024-770
Advisory Release Date: 2024-12-05 20:34 Pacific
Advisory Updated Date: 2024-12-05 20:34 Pacific
There is a MEDIUM severity vulnerability affecting CPython.
Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. (CVE-2024-6232)
Affected Packages:
python3.9
Issue Correction:
Run dnf update python3.9 --releasever 2023.6.20241209 to update your system.
aarch64:
python3-3.9.20-1.amzn2023.0.1.aarch64
python3-idle-3.9.20-1.amzn2023.0.1.aarch64
python3.9-debugsource-3.9.20-1.amzn2023.0.1.aarch64
python3-tkinter-3.9.20-1.amzn2023.0.1.aarch64
python3-devel-3.9.20-1.amzn2023.0.1.aarch64
python3-debug-3.9.20-1.amzn2023.0.1.aarch64
python3.9-debuginfo-3.9.20-1.amzn2023.0.1.aarch64
python3-libs-3.9.20-1.amzn2023.0.1.aarch64
python3-test-3.9.20-1.amzn2023.0.1.aarch64
noarch:
python-unversioned-command-3.9.20-1.amzn2023.0.1.noarch
src:
python3.9-3.9.20-1.amzn2023.0.1.src
x86_64:
python3-3.9.20-1.amzn2023.0.1.x86_64
python3-tkinter-3.9.20-1.amzn2023.0.1.x86_64
python3-devel-3.9.20-1.amzn2023.0.1.x86_64
python3.9-debugsource-3.9.20-1.amzn2023.0.1.x86_64
python3-idle-3.9.20-1.amzn2023.0.1.x86_64
python3-debug-3.9.20-1.amzn2023.0.1.x86_64
python3.9-debuginfo-3.9.20-1.amzn2023.0.1.x86_64
python3-test-3.9.20-1.amzn2023.0.1.x86_64
python3-libs-3.9.20-1.amzn2023.0.1.x86_64