Description
Security update for python-PyYAML
This update for python-PyYAML fixes the following issues:
- CVE-2020-1747: Fixed an arbitrary code execution when YAML files are parsed by FullLoader (bsc#1165439).
Package list
HPE Helion OpenStack 8
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE Enterprise Storage 5
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE Linux Enterprise High Availability Extension 12 SP1
python-PyYAML-5.1.2-26.12.1
SUSE Linux Enterprise High Availability Extension 12 SP2
python-PyYAML-5.1.2-26.12.1
SUSE Linux Enterprise Module for Advanced Systems Management 12
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE Linux Enterprise Module for Containers 12
python-PyYAML-5.1.2-26.12.1
SUSE Linux Enterprise Module for Public Cloud 12
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE Linux Enterprise Point of Sale 12 SP2
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE Linux Enterprise Server 12 SP3-BCL
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE Linux Enterprise Server 12 SP3-LTSS
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE Linux Enterprise Server 12 SP4
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE Linux Enterprise Server 12 SP5
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE Manager Client Tools 12
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE Manager Proxy 3.2
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE Manager Server 3.2
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE OpenStack Cloud 6-LTSS
python-PyYAML-5.1.2-26.12.1
SUSE OpenStack Cloud 7
python-PyYAML-5.1.2-26.12.1
SUSE OpenStack Cloud 8
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
SUSE OpenStack Cloud Crowbar 8
python-PyYAML-5.1.2-26.12.1
python3-PyYAML-5.1.2-26.12.1
References
- Link for SUSE-SU-2020:1285-1
- E-Mail link for SUSE-SU-2020:1285-1
- SUSE Security Ratings
- SUSE Bug 1165439
- SUSE CVE CVE-2020-1747 page
Description
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
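A defender-side check for the entry points named above, added here as an example and not part of the SUSE advisory or of PyYAML: it walks Python source with the standard `ast` module and reports calls to `full_load`/`full_load_all` and to `load`/`load_all` that pass `FullLoader`. The function names and the sample source are constructed for illustration; matching is by call name only, so a `.load()` from another library that is passed something named `FullLoader` would also be reported.

```python
import ast

# Entry points the advisory names: full_load and load with FullLoader.
FULL_LOAD_FUNCS = {"full_load", "full_load_all"}
LOAD_FUNCS = {"load", "load_all"}


def _name(node):
    """Return the trailing identifier of a Name or Attribute node, else None."""
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None


def find_fullloader_calls(source, filename="<src>"):
    """Return sorted (line, reason) pairs for calls that parse YAML with FullLoader."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        func = _name(node.func)
        if func in FULL_LOAD_FUNCS:
            findings.append((node.lineno, func + "()"))
        elif func in LOAD_FUNCS:
            # Loader may be passed by keyword or as the second positional argument.
            loader = next((kw.value for kw in node.keywords if kw.arg == "Loader"), None)
            if loader is None and len(node.args) > 1:
                loader = node.args[1]
            if _name(loader) == "FullLoader":
                findings.append((node.lineno, func + "(Loader=FullLoader)"))
    return sorted(findings)


# Constructed sample input, not taken from any real project.
SAMPLE = '''import yaml
cfg = yaml.full_load(text)
up = yaml.load(stream, Loader=yaml.FullLoader)
old = yaml.load(stream, yaml.FullLoader)
ok = yaml.safe_load(text)
'''

if __name__ == "__main__":
    for line, reason in find_fullloader_calls(SAMPLE):
        print(f"line {line}: {reason}")
```

Flagged call sites that handle untrusted input are candidates for `yaml.safe_load`, which constructs only standard YAML types.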
Affected products
HPE Helion OpenStack 8:python-PyYAML-5.1.2-26.12.1
HPE Helion OpenStack 8:python3-PyYAML-5.1.2-26.12.1
SUSE Enterprise Storage 5:python-PyYAML-5.1.2-26.12.1
SUSE Enterprise Storage 5:python3-PyYAML-5.1.2-26.12.1
References
- CVE-2020-1747
- SUSE Bug 1165439
- SUSE Bug 1174514