ALAS-2018-945


Amazon Linux 1 Security Advisory: ALAS-2018-945
Advisory Release Date: 2018-02-07 17:02 Pacific
Advisory Updated Date: 2018-02-08 21:23 Pacific
Severity: Medium

Issue Overview:

Integer overflow in PyString_DecodeEscape results in heap-based buffer overflow
CPython (aka Python) is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in a heap-based buffer overflow (and possible arbitrary code execution). (CVE-2017-1000158)


Affected Packages:

python27


Issue Correction:
Run yum update python27 to update your system.

New Packages:
i686:
    python27-2.7.13-2.122.amzn1.i686
    python27-devel-2.7.13-2.122.amzn1.i686
    python27-test-2.7.13-2.122.amzn1.i686
    python27-libs-2.7.13-2.122.amzn1.i686
    python27-tools-2.7.13-2.122.amzn1.i686
    python27-debuginfo-2.7.13-2.122.amzn1.i686

src:
    python27-2.7.13-2.122.amzn1.src

x86_64:
    python27-debuginfo-2.7.13-2.122.amzn1.x86_64
    python27-2.7.13-2.122.amzn1.x86_64
    python27-test-2.7.13-2.122.amzn1.x86_64
    python27-tools-2.7.13-2.122.amzn1.x86_64
    python27-libs-2.7.13-2.122.amzn1.x86_64
    python27-devel-2.7.13-2.122.amzn1.x86_64
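
To confirm the update took effect, the installed python27 packages can be compared against the build listed above. The script below is an added example, not part of the advisory; the function names and the sample inventory are constructed, and GNU sort -V is assumed as a stand-in for rpm's own version comparison (epochs are not handled).

```sh
#!/bin/sh
# Added example: flag python27 packages older than the build listed in
# this advisory. sort -V (GNU coreutils) stands in for rpm's comparison.
FIXED_VR="2.7.13-2.122.amzn1"   # version-release from "New Packages"

# python27-libs-2.7.13-2.122.amzn1.x86_64 -> 2.7.13-2.122.amzn1
nvra_to_vr() {
    _nvr="${1%.*}"          # drop the trailing .arch
    _rel="${_nvr##*-}"      # release: text after the last '-'
    _nv="${_nvr%-*}"        # name-version
    printf '%s-%s\n' "${_nv##*-}" "$_rel"
}

# Succeeds when the package's version-release is >= FIXED_VR.
is_patched() {
    _vr="$(nvra_to_vr "$1")"
    _low="$(printf '%s\n%s\n' "$_vr" "$FIXED_VR" | sort -V | head -n 1)"
    [ "$_low" = "$FIXED_VR" ]
}

# Reads NVRA strings on stdin, prints the ones that still need the
# update, and returns 1 if any were found.
audit_python27() {
    _rc=0
    while IFS= read -r _pkg; do
        case "$_pkg" in
            python27*) ;;
            *) continue ;;
        esac
        if ! is_patched "$_pkg"; then
            printf 'NEEDS UPDATE: %s\n' "$_pkg"
            _rc=1
        fi
    done
    return "$_rc"
}

# Constructed inventory: the first two lines are made-up older builds.
audit_python27 <<'EOF' || echo "run: yum update python27"
python27-2.7.12-0.1.amzn1.x86_64
python27-libs-2.7.13-2.121.amzn1.x86_64
python27-devel-2.7.13-2.122.amzn1.x86_64
bash-4.2.46-0.1.amzn1.x86_64
EOF
```

On a real host, the heredoc would be replaced by the output of rpm -qa 'python27*' piped into audit_python27.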