SUSE-SU-2022:2841-1

UNKNOWN

Security update for python-PyYAML

Published Aug 18, 2022

Modified 3 years ago

Fix available

Details

This update for python-PyYAML fixes the following issues:

CVE-2020-1747: Fixed an arbitrary code execution issue when parsing an untrusted YAML file with the default loader (bsc#1165439).
CVE-2020-14343: Completed the fix for CVE-2020-1747 (bsc#1174514).

Affected Packages

python-PyYAML

SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise Module for Public Cloud 15SUSE Linux Enterprise Server 15-LTSSSUSE Linux Enterprise Server for SAP Applications 15

Fixed in:

5.1.2-150000.3.6.1

python2-PyYAML

SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise Server 15-LTSSSUSE Linux Enterprise Server for SAP Applications 15

Fixed in:

5.1.2-150000.3.6.1

python3-PyYAML

Fixed in:

5.1.2-150000.3.6.1

References

REPORT

https://bugzilla.suse.com/1165439

REPORT

https://bugzilla.suse.com/1174514

WEB

https://www.suse.com/security/cve/CVE-2020-14343