Description
Security update for python-PyYAML
This update for python-PyYAML fixes the following issues:
- CVE-2020-14343: Fixed an arbitrary code execution when processing untrusted YAML files through the full_load method or with the FullLoader loader. This fixes an incomplete solution for CVE-2020-1747 (bnc#1174514).
Package list
SUSE Linux Enterprise Module for Advanced Systems Management 12
python-PyYAML-5.1.2-26.15.1
python3-PyYAML-5.1.2-26.15.1
SUSE Linux Enterprise Module for Containers 12
python-PyYAML-5.1.2-26.15.1
SUSE Manager Client Tools 12
python-PyYAML-5.1.2-26.15.1
python3-PyYAML-5.1.2-26.15.1
References
- Link for SUSE-SU-2022:3231-1
- E-Mail link for SUSE-SU-2022:3231-1
- SUSE Security Ratings
- SUSE Bug 1174514
- SUSE CVE CVE-2020-14343 page
Description
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
Affected products
SUSE Linux Enterprise Module for Advanced Systems Management 12:python-PyYAML-5.1.2-26.15.1
SUSE Linux Enterprise Module for Advanced Systems Management 12:python3-PyYAML-5.1.2-26.15.1
SUSE Linux Enterprise Module for Containers 12:python-PyYAML-5.1.2-26.15.1
SUSE Manager Client Tools 12:python-PyYAML-5.1.2-26.15.1
References
- CVE-2020-14343
- SUSE Bug 1174514