ALAS-2023-1720

Amazon Linux 1 (EOL) Security Advisory: ALAS-2023-1720
Advisory Released Date: 2023-04-05
Advisory Updated Date: 2023-04-05

Severity: Medium

References: CVE-2021-42771
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. (CVE-2021-42771)

Affected Packages:

python-babel

Issue Correction:
Run yum update python-babel to update your system.

New Packages:

noarch:
    python27-babel-0.9.4-5.1.9.amzn1.noarch
    python26-babel-0.9.4-5.1.9.amzn1.noarch

src:
    python-babel-0.9.4-5.1.9.amzn1.src

Additional References

Red Hat: CVE-2021-42771

Mitre: CVE-2021-42771