ALAS-2015-541


Amazon Linux AMI Security Advisory: ALAS-2015-541
Advisory Release Date: 2015-06-11 08:09 Pacific
Severity: Medium
References: CVE-2015-2296 

Issue Overview:

A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL.


Affected Packages:

python-pip


Issue Correction:
Run yum update python-pip to update your system.

New Packages:
noarch:
    python26-pip-6.1.1-1.20.amzn1.noarch
    python27-pip-6.1.1-1.20.amzn1.noarch
    python34-pip-6.1.1-1.20.amzn1.noarch

src:
    python-pip-6.1.1-1.20.amzn1.src