openSUSE-SU-2020:0507-1

Опубликовано: 11 апр. 2020

Источник: suse-cvrf

Описание

Security update for python-PyYAML

This update for python-PyYAML fixes the following issues:

CVE-2020-1747: Fixed an arbitrary code execution when YAML files are parsed by FullLoader (bsc#1165439).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Список пакетов

openSUSE Leap 15.1

python2-PyYAML-5.1.2-lp151.2.6.1

python3-PyYAML-5.1.2-lp151.2.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3TCDKXSWEKNDBVHSMQWWQIFBNDUKAWME/
E-Mail link for openSUSE-SU-2020:0507-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1165439
SUSE Bug 1165439
https://www.suse.com/security/cve/CVE-2020-1747/
SUSE CVE CVE-2020-1747 page

Описание

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.

Затронутые продукты

openSUSE Leap 15.1:python2-PyYAML-5.1.2-lp151.2.6.1

openSUSE Leap 15.1:python3-PyYAML-5.1.2-lp151.2.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-1747.html
CVE-2020-1747
https://bugzilla.suse.com/1165439
SUSE Bug 1165439
https://bugzilla.suse.com/1174514
SUSE Bug 1174514

openSUSE-SU-2020:0507-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2020-1747

Описание

Затронутые продукты

Ссылки