Security update for python-PyYAML SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0507-1 Final 1 1 2020-04-11T18:16:55Z current 2020-04-11T18:16:55Z 2020-04-11T18:16:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-PyYAML This update for python-PyYAML fixes the following issues: - CVE-2020-1747: Fixed an arbitrary code execution when YAML files are parsed by FullLoader (bsc#1165439). This update was imported from the SUSE:SLE-15-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-507 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3TCDKXSWEKNDBVHSMQWWQIFBNDUKAWME/ E-Mail link for openSUSE-SU-2020:0507-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1165439 SUSE Bug 1165439 https://www.suse.com/security/cve/CVE-2020-1747/ SUSE CVE CVE-2020-1747 page openSUSE Leap 15.1 python2-PyYAML-5.1.2-lp151.2.6.1 python3-PyYAML-5.1.2-lp151.2.6.1 python2-PyYAML-5.1.2-lp151.2.6.1 as a component of openSUSE Leap 15.1 python3-PyYAML-5.1.2-lp151.2.6.1 as a component of openSUSE Leap 15.1 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. CVE-2020-1747 openSUSE Leap 15.1:python2-PyYAML-5.1.2-lp151.2.6.1 openSUSE Leap 15.1:python3-PyYAML-5.1.2-lp151.2.6.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3TCDKXSWEKNDBVHSMQWWQIFBNDUKAWME/ https://www.suse.com/security/cve/CVE-2020-1747.html CVE-2020-1747 https://bugzilla.suse.com/1165439 SUSE Bug 1165439 https://bugzilla.suse.com/1174514 SUSE Bug 1174514