ELSA-2021-2583

Опубликовано: 02 июл. 2021

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2021-2583: python38:3.8 and python38-devel:3.8 security update (MODERATE)

PyYAML [5.4.1-1]

Rebase to version 5.4.1 to fix CVE-2020-14343
Resolves: rhbz#1860466

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module python38:3.8 is enabled

python38

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-Cython

0.29.14-4.module+el8.4.0+20068+32a535e2

python38-PyMySQL

0.10.1-1.module+el8.4.0+20068+32a535e2

python38-asn1crypto

1.2.0-3.module+el8.4.0+20068+32a535e2

python38-babel

2.7.0-10.module+el8.4.0+20068+32a535e2

python38-cffi

1.13.2-3.module+el8.4.0+20068+32a535e2

python38-chardet

3.0.4-19.module+el8.4.0+20068+32a535e2

python38-cryptography

2.8-3.module+el8.4.0+20068+32a535e2

python38-debug

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-devel

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-idle

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-idna

2.8-6.module+el8.4.0+20068+32a535e2

python38-jinja2

2.10.3-4.module+el8.4.0+20068+32a535e2

python38-libs

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-lxml

4.4.1-5.module+el8.4.0+20068+32a535e2

python38-markupsafe

1.1.1-6.module+el8.4.0+20068+32a535e2

python38-mod_wsgi

4.6.8-3.module+el8.4.0+20068+32a535e2

python38-numpy

1.17.3-5.module+el8.4.0+20068+32a535e2

python38-numpy-doc

1.17.3-5.module+el8.4.0+20068+32a535e2

python38-numpy-f2py

1.17.3-5.module+el8.4.0+20068+32a535e2

python38-pip

19.3.1-1.module+el8.4.0+20068+32a535e2

python38-pip-wheel

19.3.1-1.module+el8.4.0+20068+32a535e2

python38-ply

3.11-10.module+el8.4.0+20068+32a535e2

python38-psutil

5.6.4-3.module+el8.4.0+20068+32a535e2

python38-psycopg2

2.8.4-4.module+el8.4.0+20068+32a535e2

python38-psycopg2-doc

2.8.4-4.module+el8.4.0+20068+32a535e2

python38-psycopg2-tests

2.8.4-4.module+el8.4.0+20068+32a535e2

python38-pycparser

2.19-3.module+el8.4.0+20068+32a535e2

python38-pysocks

1.7.1-4.module+el8.4.0+20068+32a535e2

python38-pytz

2019.3-3.module+el8.4.0+20068+32a535e2

python38-pyyaml

5.4.1-1.module+el8.4.0+20219+c17d6bc1

python38-requests

2.22.0-9.module+el8.4.0+20068+32a535e2

python38-rpm-macros

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-scipy

1.3.1-4.module+el8.4.0+20068+32a535e2

python38-setuptools

41.6.0-4.module+el8.4.0+20068+32a535e2

python38-setuptools-wheel

41.6.0-4.module+el8.4.0+20068+32a535e2

python38-six

1.12.0-10.module+el8.4.0+20068+32a535e2

python38-test

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-tkinter

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-urllib3

1.25.7-4.module+el8.4.0+20068+32a535e2

python38-wheel

0.33.6-5.module+el8.4.0+20068+32a535e2

python38-wheel-wheel

0.33.6-5.module+el8.4.0+20068+32a535e2

Oracle Linux x86_64

Module python38:3.8 is enabled

python38

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-Cython

0.29.14-4.module+el8.4.0+20068+32a535e2

python38-PyMySQL

0.10.1-1.module+el8.4.0+20068+32a535e2

python38-asn1crypto

1.2.0-3.module+el8.4.0+20068+32a535e2

python38-babel

2.7.0-10.module+el8.4.0+20068+32a535e2

python38-cffi

1.13.2-3.module+el8.4.0+20068+32a535e2

python38-chardet

3.0.4-19.module+el8.4.0+20068+32a535e2

python38-cryptography

2.8-3.module+el8.4.0+20068+32a535e2

python38-debug

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-devel

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-idle

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-idna

2.8-6.module+el8.4.0+20068+32a535e2

python38-jinja2

2.10.3-4.module+el8.4.0+20068+32a535e2

python38-libs

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-lxml

4.4.1-5.module+el8.4.0+20068+32a535e2

python38-markupsafe

1.1.1-6.module+el8.4.0+20068+32a535e2

python38-mod_wsgi

4.6.8-3.module+el8.4.0+20068+32a535e2

python38-numpy

1.17.3-5.module+el8.4.0+20068+32a535e2

python38-numpy-doc

1.17.3-5.module+el8.4.0+20068+32a535e2

python38-numpy-f2py

1.17.3-5.module+el8.4.0+20068+32a535e2

python38-pip

19.3.1-1.module+el8.4.0+20068+32a535e2

python38-pip-wheel

19.3.1-1.module+el8.4.0+20068+32a535e2

python38-ply

3.11-10.module+el8.4.0+20068+32a535e2

python38-psutil

5.6.4-3.module+el8.4.0+20068+32a535e2

python38-psycopg2

2.8.4-4.module+el8.4.0+20068+32a535e2

python38-psycopg2-doc

2.8.4-4.module+el8.4.0+20068+32a535e2

python38-psycopg2-tests

2.8.4-4.module+el8.4.0+20068+32a535e2

python38-pycparser

2.19-3.module+el8.4.0+20068+32a535e2

python38-pysocks

1.7.1-4.module+el8.4.0+20068+32a535e2

python38-pytz

2019.3-3.module+el8.4.0+20068+32a535e2

python38-pyyaml

5.4.1-1.module+el8.4.0+20219+c17d6bc1

python38-requests

2.22.0-9.module+el8.4.0+20068+32a535e2

python38-rpm-macros

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-scipy

1.3.1-4.module+el8.4.0+20068+32a535e2

python38-setuptools

41.6.0-4.module+el8.4.0+20068+32a535e2

python38-setuptools-wheel

41.6.0-4.module+el8.4.0+20068+32a535e2

python38-six

1.12.0-10.module+el8.4.0+20068+32a535e2

python38-test

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-tkinter

3.8.6-3.module+el8.4.0+20068+32a535e2

python38-urllib3

1.25.7-4.module+el8.4.0+20068+32a535e2

python38-wheel

0.33.6-5.module+el8.4.0+20068+32a535e2

python38-wheel-wheel

0.33.6-5.module+el8.4.0+20068+32a535e2

Связанные CVE

CVE-2020-14343

Ссылки на источники

Связанные уязвимости

CVE-2020-14343

CVSS3: 9.8

ubuntu

почти 5 лет назад

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.