Description
Security update for python-tablib
This update for python-tablib fixes the following issues:
- CVE-2017-2810: Use yaml.safe_load and yaml.safe_dump to avoid executing code when importing data (bsc#1044329)
Package list
SUSE Linux Enterprise Module for Public Cloud 12
python-tablib-0.9.11-3.1
SUSE OpenStack Cloud 6
python-tablib-0.9.11-3.1
SUSE OpenStack Cloud 7
python-tablib-0.9.11-3.1
Links
- Link for SUSE-SU-2017:2105-1
- E-Mail link for SUSE-SU-2017:2105-1
- SUSE Security Ratings
- SUSE Bug 1044329
- SUSE CVE CVE-2017-2810 page
Description
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.
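An added example (not part of the advisory and not Tablib's own code) of the behaviour the fix relies on: `yaml.safe_load` refuses Python-specific tags instead of constructing them, and `yaml.safe_dump` refuses arbitrary Python objects. It requires PyYAML; the sample documents, the helper names and the sheet layout (a list of `title`/`data` mappings) are assumptions made for illustration.

```python
import yaml  # PyYAML (third-party)

# Constructed sample inputs, not taken from the advisory.
BENIGN_BOOK = """\
- title: users
  data:
    - {name: alice, uid: 1000}
    - {name: bob, uid: 1001}
"""

# Same layout, but one value carries a Python-specific tag. A harmless
# builtin stands in here; an unsafe loader would call whatever is named.
TAGGED_BOOK = """\
- title: users
  data: !!python/object/apply:builtins.len ["abc"]
"""


class RejectedYaml(ValueError):
    """Input was not plain-data YAML in the expected databook layout."""


def load_databook_yaml(text):
    """Parse untrusted databook YAML into plain lists/dicts/scalars only."""
    try:
        # safe_load constructs only standard YAML types; any python/* tag
        # raises ConstructorError (a YAMLError) instead of being executed.
        book = yaml.safe_load(text)
    except yaml.YAMLError as exc:
        raise RejectedYaml(f"refused to load: {exc}") from exc
    # Assumed layout (hypothetical check): a list of {title, data} sheets.
    if not isinstance(book, list):
        raise RejectedYaml("top level must be a list of sheets")
    for sheet in book:
        if not isinstance(sheet, dict) or set(sheet) != {"title", "data"}:
            raise RejectedYaml("each sheet needs exactly 'title' and 'data'")
        if not isinstance(sheet["data"], list):
            raise RejectedYaml("'data' must be a list of rows")
    return book


def dump_databook_yaml(book):
    """Serialize with safe_dump, which refuses arbitrary Python objects."""
    try:
        return yaml.safe_dump(book, default_flow_style=False)
    except yaml.YAMLError as exc:
        raise RejectedYaml(f"refused to dump: {exc}") from exc
```
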
Affected products
SUSE Linux Enterprise Module for Public Cloud 12:python-tablib-0.9.11-3.1
SUSE OpenStack Cloud 6:python-tablib-0.9.11-3.1
SUSE OpenStack Cloud 7:python-tablib-0.9.11-3.1
Links
- CVE-2017-2810
- SUSE Bug 1044329