Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:2818-1

Опубликовано: 24 авг. 2021
Источник: suse-cvrf

Описание

Security update for python-PyYAML

This update for python-PyYAML fixes the following issues:

  • Update to 5.3.1.

  • CVE-2020-14343: A vulnerability was discovered in the PyYAML library, where it was susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

Список пакетов

HPE Helion OpenStack 8
python-PyYAML-5.3.1-28.6.1
python3-PyYAML-5.3.1-28.6.1
Image SLES12-SP4-Azure-BYOS
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP4-EC2-HVM-BYOS
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP4-GCE-BYOS
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP4-SAP-Azure-BYOS
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP4-SAP-EC2-HVM
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP4-SAP-GCE-BYOS
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP5-Azure-BYOS
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP5-Azure-HPC-BYOS
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP5-Azure-SAP-BYOS
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP5-EC2-BYOS
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP5-EC2-ECS-On-Demand
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP5-EC2-On-Demand
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP5-EC2-SAP-BYOS
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP5-EC2-SAP-On-Demand
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP5-GCE-BYOS
python-PyYAML-5.3.1-28.6.1
Image SLES12-SP5-GCE-SAP-BYOS
python-PyYAML-5.3.1-28.6.1
SUSE Linux Enterprise Module for Public Cloud 12
python-PyYAML-5.3.1-28.6.1
python3-PyYAML-5.3.1-28.6.1
SUSE Linux Enterprise Server 12 SP3-BCL
python-PyYAML-5.3.1-28.6.1
python3-PyYAML-5.3.1-28.6.1
SUSE Linux Enterprise Server 12 SP3-LTSS
python-PyYAML-5.3.1-28.6.1
python3-PyYAML-5.3.1-28.6.1
SUSE Linux Enterprise Server 12 SP4-LTSS
python-PyYAML-5.3.1-28.6.1
python3-PyYAML-5.3.1-28.6.1
SUSE Linux Enterprise Server 12 SP5
python-PyYAML-5.3.1-28.6.1
python3-PyYAML-5.3.1-28.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
python-PyYAML-5.3.1-28.6.1
python3-PyYAML-5.3.1-28.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
python-PyYAML-5.3.1-28.6.1
python3-PyYAML-5.3.1-28.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
python-PyYAML-5.3.1-28.6.1
python3-PyYAML-5.3.1-28.6.1
SUSE OpenStack Cloud 7
python-PyYAML-5.3.1-28.6.1
SUSE OpenStack Cloud 8
python-PyYAML-5.3.1-28.6.1
python3-PyYAML-5.3.1-28.6.1
SUSE OpenStack Cloud 9
python-PyYAML-5.3.1-28.6.1
python3-PyYAML-5.3.1-28.6.1
SUSE OpenStack Cloud Crowbar 8
python-PyYAML-5.3.1-28.6.1
python3-PyYAML-5.3.1-28.6.1
SUSE OpenStack Cloud Crowbar 9
python-PyYAML-5.3.1-28.6.1
python3-PyYAML-5.3.1-28.6.1

Ссылки

Описание

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

Затронутые продукты
HPE Helion OpenStack 8:python-PyYAML-5.3.1-28.6.1
HPE Helion OpenStack 8:python3-PyYAML-5.3.1-28.6.1
Image SLES12-SP4-Azure-BYOS:python-PyYAML-5.3.1-28.6.1
Image SLES12-SP4-EC2-HVM-BYOS:python-PyYAML-5.3.1-28.6.1
Ссылки