Amazon Linux AMI : python35 (ALAS-2018-1101)

High Nessus Plugin ID 118805

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM.(CVE-2018-14647)

Solution

Run 'yum update python35' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2018-1101.html

Plugin Details

Severity: High

ID: 118805

File Name: ala_ALAS-2018-1101.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2018/11/08

Modified: 2018/11/08

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:python35, p-cpe:/a:amazon:linux:python35-debuginfo, p-cpe:/a:amazon:linux:python35-devel, p-cpe:/a:amazon:linux:python35-libs, p-cpe:/a:amazon:linux:python35-test, p-cpe:/a:amazon:linux:python35-tools, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Patch Publication Date: 2018/11/08

Reference Information

CVE: CVE-2018-14647

ALAS: 2018-1101