Medium: python27

Issue Overview:

It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.(CVE-2013-1752)

It was discovered that the Python xmlrpclib did not restrict the size of a gzip compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753)

The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data.(CVE-2014-9365)

Affected Packages:

python27

Issue Correction:
Run yum update python27 to update your system.

New Packages:

i686:  
    python27-devel-2.7.9-4.114.amzn1.i686  
    python27-tools-2.7.9-4.114.amzn1.i686  
    python27-2.7.9-4.114.amzn1.i686  
    python27-debuginfo-2.7.9-4.114.amzn1.i686  
    python27-libs-2.7.9-4.114.amzn1.i686  
    python27-test-2.7.9-4.114.amzn1.i686  
  
src:  
    python27-2.7.9-4.114.amzn1.src  
  
x86_64:  
    python27-2.7.9-4.114.amzn1.x86_64  
    python27-libs-2.7.9-4.114.amzn1.x86_64  
    python27-tools-2.7.9-4.114.amzn1.x86_64  
    python27-devel-2.7.9-4.114.amzn1.x86_64  
    python27-test-2.7.9-4.114.amzn1.x86_64  
    python27-debuginfo-2.7.9-4.114.amzn1.x86_64  

Additional References

Red Hat: CVE-2013-1752, CVE-2013-1753, CVE-2014-9365

Mitre: CVE-2013-1752, CVE-2013-1753, CVE-2014-9365