[ALAS2-2023-2117] Amazon Linux 2 2017.12 - ALAS2-2023-2117: medium priority package update for python3-pygments
Severity
Medium
Affected Packages
2
CVEs
1
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2021-27291:
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Package | Affected Version |
---|---|
pkg:rpm/amazonlinux/python3-pygments?arch=noarch&distro=amazonlinux-2 | < 2.2.0-3.amzn2.0.3 |
pkg:rpm/amazonlinux/python3-pygments-doc?arch=noarch&distro=amazonlinux-2 | < 2.2.0-3.amzn2.0.3 |
- ID
- ALAS2-2023-2117
- Severity
- medium
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2023-2117.html
- Published
-
2023-07-05T22:01:00
(14 months ago) - Modified
-
2023-07-19T22:27:00
(14 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ALAS2-2023-2198
- ALPINE:CVE-2021-27291
- ALSA-2021:4150
- ALSA-2021:4151
- DSA-4878-1
- DSA-4889-1
- ELSA-2021-4150
- ELSA-2021-4151
- ELSA-2021-9553
- FEDORA-2021-166dfc62b2
- FEDORA-2021-3f975f68c8
- FREEBSD:CDC685B5-1724-49A1-AD57-2EAAB68E9CC0
- MS:CVE-2021-27291
- openSUSE-SU-2021:1521-1
- openSUSE-SU-2021:3839-1
- openSUSE-SU-2021:3841-1
- PYSEC-2021-141
- RHSA-2021:4139
- RHSA-2021:4150
- RHSA-2021:4151
- RLSA-2021:4150
- RLSA-2021:4151
- SUSE-SU-2021:3814-1
- SUSE-SU-2021:3839-1
- SUSE-SU-2021:3840-1
- SUSE-SU-2021:3841-1
- USN-4897-1
- USN-4897-2
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2021-27291 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/python3-pygments?arch=noarch&distro=amazonlinux-2 | amazonlinux | python3-pygments | < 2.2.0-3.amzn2.0.3 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/python3-pygments-doc?arch=noarch&distro=amazonlinux-2 | amazonlinux | python3-pygments-doc | < 2.2.0-3.amzn2.0.3 | amazonlinux-2 | noarch |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |