Medium: python27

2018-02-08T21:23:00
ID ALAS-2018-945
Type amazon
Reporter Amazon
Modified 2018-02-08T21:23:00

Description

Issue Overview:

Integer overflow in PyString_DecodeEscape results in heap-based buffer overflow:
CPython (aka Python) is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution). (CVE-2017-1000158)

Affected Packages:

python27

Issue Correction:
Run yum update python27 to update your system.

New Packages:

i686:  
    python27-2.7.13-2.122.amzn1.i686  
    python27-devel-2.7.13-2.122.amzn1.i686  
    python27-test-2.7.13-2.122.amzn1.i686  
    python27-libs-2.7.13-2.122.amzn1.i686  
    python27-tools-2.7.13-2.122.amzn1.i686  
    python27-debuginfo-2.7.13-2.122.amzn1.i686

src:  
    python27-2.7.13-2.122.amzn1.src

x86_64:  
    python27-debuginfo-2.7.13-2.122.amzn1.x86_64  
    python27-2.7.13-2.122.amzn1.x86_64  
    python27-test-2.7.13-2.122.amzn1.x86_64  
    python27-tools-2.7.13-2.122.amzn1.x86_64  
    python27-libs-2.7.13-2.122.amzn1.x86_64  
    python27-devel-2.7.13-2.122.amzn1.x86_64
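
To confirm that a host is at or above the fixed build listed above, the following check can be run over the package inventory. It is an added example, not part of Amazon's advisory; the function names, the sample inventory and the use of GNU `sort -V` as a stand-in for RPM's own version comparison are assumptions of the example.

```shell
#!/bin/sh
# Added example: flag python27 packages older than the advisory's fixed build.
FIXED_EVR="2.7.13-2.122.amzn1"   # version-release from the "New Packages" list

# evr_lt A B: succeed when version-release A sorts before B.
# Assumption: GNU `sort -V` stands in for RPM's own comparison, which is
# adequate for builds of the same package line that carry no epoch.
evr_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_python27: read "name version-release arch" lines on stdin, print a
# verdict per python27 package, return 1 if any is below the fixed build.
audit_python27() {
    rc=0
    while read -r name evr arch; do
        case "$name" in
            python27|python27-*) ;;      # packages covered by the advisory
            *) continue ;;               # anything else is out of scope
        esac
        if evr_lt "$evr" "$FIXED_EVR"; then
            echo "UNPATCHED $name-$evr.$arch"
            rc=1
        else
            echo "OK        $name-$evr.$arch"
        fi
    done
    return "$rc"
}

# Constructed inventory so the check runs offline. On a live host, feed:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' 'python27*'
sample_inventory() {
    cat <<'EOF'
python27 2.7.12-2.121.amzn1 x86_64
python27-libs 2.7.13-2.122.amzn1 x86_64
python27-devel 2.7.13-2.121.amzn1 x86_64
openssl 1.0.2k-8.106.amzn1 x86_64
EOF
}

sample_inventory | audit_python27 || echo "Update required: yum update python27"
```

A non-zero return from `audit_python27` means at least one python27 package still predates the fixed build, which also catches hosts where only some subpackages were updated.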