Amazon Linux 1 Security Advisory: ALAS-2015-521
Advisory Release Date: 2015-05-05 21:31 Pacific
Advisory Updated Date: 2015-05-06 15:14 Pacific
A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU.
Affected Packages:
python-tornado
Issue Correction:
Run yum update python-tornado to update your system.
noarch:
python27-tornado-2.2.1-7.7.amzn1.noarch
python26-tornado-2.2.1-7.7.amzn1.noarch
python27-tornado-doc-2.2.1-7.7.amzn1.noarch
python26-tornado-doc-2.2.1-7.7.amzn1.noarch
src:
python-tornado-2.2.1-7.7.amzn1.src