ALAS-2015-512

Amazon Linux 1 Security Advisory: ALAS-2015-512
Advisory Release Date: 2015-04-17 15:25 Pacific
Advisory Updated Date: 2015-04-17 15:26 Pacific

Severity: Medium

References: CVE-2015-2296
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL.

Affected Packages:

python-botocore

Issue Correction:
Run yum update python-botocore to update your system.

New Packages:

noarch:
    python26-botocore-0.103.0-1.7.amzn1.noarch
    python27-botocore-0.103.0-1.7.amzn1.noarch

src:
    python-botocore-0.103.0-1.7.amzn1.src

Additional References

Red Hat: CVE-2015-2296

Mitre: CVE-2015-2296