Amazon Linux AMI : python35 (ALAS-2018-1101)

Medium Nessus Plugin ID 118805

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

Python's elementtree C accelerator failed to initialise Expat's hash
salt during initialization. This could make it easy to conduct denial
of service attacks against Expat by contructing an XML document that
would cause pathological hash collisions in Expat's internal data
structures, consuming large amounts CPU and RAM.(CVE-2018-14647)

Solution

Run 'yum update python35' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2018-1101.html

Plugin Details

Severity: Medium

ID: 118805

File Name: ala_ALAS-2018-1101.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2018/11/08

Modified: 2018/12/21

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:python35, p-cpe:/a:amazon:linux:python35-debuginfo, p-cpe:/a:amazon:linux:python35-devel, p-cpe:/a:amazon:linux:python35-libs, p-cpe:/a:amazon:linux:python35-test, p-cpe:/a:amazon:linux:python35-tools, cpe:/o:amazon:linux

Patch Publication Date: 2018/11/08

Reference Information

CVE: CVE-2018-14647

ALAS: 2018-1101