exploitDog

openSUSE-SU-2021:1876-1

Опубликовано: 11 июл. 2021

Источник: suse-cvrf

Описание

Security update for snakeyaml

This update for snakeyaml fixes the following issues:

Upgrade to 1.28
CVE-2017-18640: The Alias feature allows entity expansion during a load operation (bsc#1159488, bsc#1186088)

Список пакетов

openSUSE Leap 15.3

snakeyaml-1.28-3.5.1

snakeyaml-javadoc-1.28-3.5.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FQSQDG6EG5IGZXIQVLQHFSBMALXOT6L6/
E-Mail link for openSUSE-SU-2021:1876-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1159488
SUSE Bug 1159488
https://bugzilla.suse.com/1186088
SUSE Bug 1186088
https://www.suse.com/security/cve/CVE-2017-18640/
SUSE CVE CVE-2017-18640 page

Описание

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

Затронутые продукты

openSUSE Leap 15.3:snakeyaml-1.28-3.5.1

openSUSE Leap 15.3:snakeyaml-javadoc-1.28-3.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-18640.html
CVE-2017-18640
https://bugzilla.suse.com/1159488
SUSE Bug 1159488
https://bugzilla.suse.com/1186088
SUSE Bug 1186088

Уязвимость openSUSE-SU-2021:1876-1