ALAS-2024-770


Amazon Linux 2023 Security Advisory: ALAS-2024-770
Advisory Release Date: 2024-12-05 20:34 Pacific
Advisory Updated Date: 2024-12-05 20:34 Pacific
Severity: Important

Issue Overview:

There is a MEDIUM severity vulnerability affecting CPython.

Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. (CVE-2024-6232)


Affected Packages:

python3.9


Issue Correction:
Run dnf update python3.9 --releasever 2023.6.20241209 to update your system.

New Packages:
aarch64:
    python3-3.9.20-1.amzn2023.0.1.aarch64
    python3-idle-3.9.20-1.amzn2023.0.1.aarch64
    python3.9-debugsource-3.9.20-1.amzn2023.0.1.aarch64
    python3-tkinter-3.9.20-1.amzn2023.0.1.aarch64
    python3-devel-3.9.20-1.amzn2023.0.1.aarch64
    python3-debug-3.9.20-1.amzn2023.0.1.aarch64
    python3.9-debuginfo-3.9.20-1.amzn2023.0.1.aarch64
    python3-libs-3.9.20-1.amzn2023.0.1.aarch64
    python3-test-3.9.20-1.amzn2023.0.1.aarch64

noarch:
    python-unversioned-command-3.9.20-1.amzn2023.0.1.noarch

src:
    python3.9-3.9.20-1.amzn2023.0.1.src

x86_64:
    python3-3.9.20-1.amzn2023.0.1.x86_64
    python3-tkinter-3.9.20-1.amzn2023.0.1.x86_64
    python3-devel-3.9.20-1.amzn2023.0.1.x86_64
    python3.9-debugsource-3.9.20-1.amzn2023.0.1.x86_64
    python3-idle-3.9.20-1.amzn2023.0.1.x86_64
    python3-debug-3.9.20-1.amzn2023.0.1.x86_64
    python3.9-debuginfo-3.9.20-1.amzn2023.0.1.x86_64
    python3-test-3.9.20-1.amzn2023.0.1.x86_64
    python3-libs-3.9.20-1.amzn2023.0.1.x86_64