SUSE-SU-2020:1285-1

HIGH8.8

Security update for python-PyYAML

Published May 15, 2020

Modified 6 years ago

Fix available

Details

Description of the patch:

This update for python-PyYAML fixes the following issues:

CVE-2020-1747: Fixed an arbitrary code execution when YAML files are parsed by FullLoader (bsc#1165439).

Affected Packages

python-PyYAML

SUSE Enterprise Storage 5SUSE Linux Enterprise High Availability Extension 12 SP1SUSE Linux Enterprise High Availability Extension 12 SP2SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Linux Enterprise Module for Containers 12

Fixed in:

5.1.2-26.12.1

python3-PyYAML

SUSE Enterprise Storage 5SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Linux Enterprise Module for Public Cloud 12SUSE Linux Enterprise Point of Sale 12 SP2SUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

5.1.2-26.12.1

References

ADVISORY

https://bugzilla.suse.com/1165439

ADVISORY

https://lists.suse.com/pipermail/sle-security-updates/2020-May/006820.html

ADVISORY

https://www.suse.com/security/cve/CVE-2020-1747/

WEB

https://www.suse.com/support/security/rating/

ADVISORY