SUSE-SU-2022:2841-1

HIGH8.8

Security update for python-PyYAML

Published Aug 18, 2022

Modified 3 years ago

Fix available

Details

Description of the patch:

This update for python-PyYAML fixes the following issues:

CVE-2020-1747: Fixed an arbitrary code execution issue when parsing an untrusted YAML file with the default loader (bsc#1165439).
CVE-2020-14343: Completed the fix for CVE-2020-1747 (bsc#1174514).

Affected Packages

python2-PyYAML

SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise Server 15-LTSSSUSE Linux Enterprise Server for SAP Applications 15

Fixed in:

5.1.2-150000.3.6.1

python3-PyYAML

SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise Module for Public Cloud 15SUSE Linux Enterprise Server 15-LTSSSUSE Linux Enterprise Server for SAP Applications 15

Fixed in:

5.1.2-150000.3.6.1

References

ADVISORY

https://bugzilla.suse.com/1165439

ADVISORY

https://bugzilla.suse.com/1174514

ADVISORY

https://lists.suse.com/pipermail/sle-security-updates/2022-August/011943.html

ADVISORY

https://www.suse.com/security/cve/CVE-2020-14343/

ADVISORY