Amazon Linux 1 Security Advisory: ALAS-2023-1880
Advisory Release Date: 2023-10-30 23:31 Pacific
Advisory Updated Date: 2023-11-03 18:20 Pacific
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. (CVE-2022-48565)
Affected Packages:
python27
Issue Correction:
Run yum update python27 to update your system.
i686:
python27-devel-2.7.18-2.149.amzn1.i686
python27-debuginfo-2.7.18-2.149.amzn1.i686
python27-2.7.18-2.149.amzn1.i686
python27-tools-2.7.18-2.149.amzn1.i686
python27-test-2.7.18-2.149.amzn1.i686
python27-libs-2.7.18-2.149.amzn1.i686
src:
python27-2.7.18-2.149.amzn1.src
x86_64:
python27-tools-2.7.18-2.149.amzn1.x86_64
python27-libs-2.7.18-2.149.amzn1.x86_64
python27-devel-2.7.18-2.149.amzn1.x86_64
python27-debuginfo-2.7.18-2.149.amzn1.x86_64
python27-test-2.7.18-2.149.amzn1.x86_64
python27-2.7.18-2.149.amzn1.x86_64