Oval Definition:oval:org.opensuse.security:def:55939
Revision Date:2021-08-24Version:1
Title:Security update for python-PyYAML (Important)
Description:



This update for python-PyYAML fixes the following issues:

- Update to 5.3.1.

- CVE-2020-14343: A vulnerability was discovered in the PyYAML library, where it was susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
Family:unixClass:patch
Status:Reference(s):1009318
1011130
1011136
1013376
1014159
1015400
1018088
1020353
1021868
1029497
1059777
1061076
1061077
1061080
1061081
1061082
1061084
1061086
1061087
1107832
1108963
1109663
1109847
1110233
1133191
1136446
1137597
1138459
1141853
1174514
834601
840485
847135
856836
859068
889013
892464
922741
942801
948791
960319
968050
976942
976943
977614
977615
977617
984684
987895
988651
989721
989722
989723
989725
989726
989727
989728
989729
989730
989731
989732
989733
989734
CVE-2007-4129
CVE-2013-1705
CVE-2013-1718
CVE-2013-1722
CVE-2013-1725
CVE-2013-1726
CVE-2013-1730
CVE-2013-1732
CVE-2013-1735
CVE-2013-1736
CVE-2013-1737
CVE-2013-4073
CVE-2013-4238
CVE-2014-5270
CVE-2014-9848
CVE-2015-4491
CVE-2015-7555
CVE-2015-7674
CVE-2016-0702
CVE-2016-0753
CVE-2016-10251
CVE-2016-2105
CVE-2016-2106
CVE-2016-2108
CVE-2016-2109
CVE-2016-3458
CVE-2016-3485
CVE-2016-3498
CVE-2016-3500
CVE-2016-3503
CVE-2016-3508
CVE-2016-3511
CVE-2016-3550
CVE-2016-3552
CVE-2016-3587
CVE-2016-3598
CVE-2016-3606
CVE-2016-3610
CVE-2016-8707
CVE-2016-8866
CVE-2016-9556
CVE-2016-9559
CVE-2016-9583
CVE-2016-9600
CVE-2016-9773
CVE-2017-15588
CVE-2017-15589
CVE-2017-15590
CVE-2017-15591
CVE-2017-15592
CVE-2017-15593
CVE-2017-15594
CVE-2017-15595
CVE-2017-5498
CVE-2017-5526
CVE-2017-6850
CVE-2018-1000802
CVE-2018-14633
CVE-2018-14634
CVE-2018-14647
CVE-2018-17182
CVE-2018-20852
CVE-2019-10160
CVE-2019-11477
CVE-2019-11478
CVE-2019-11487
CVE-2019-3846
CVE-2020-14343
SUSE-SU-2015:0446-1
SUSE-SU-2015:1787-1
SUSE-SU-2016:0192-1
SUSE-SU-2016:1267-1
SUSE-SU-2016:2012-1
SUSE-SU-2016:3258-1
SUSE-SU-2017:0953-1
SUSE-SU-2017:2873-1
SUSE-SU-2019:2053-1
SUSE-SU-2019:2091-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP2-LTSS-ERICSSON
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND libXv1-1.0.11-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • GraphicsMagick-1.3.29-lp151.4.6 is installed
  • OR GraphicsMagick-devel-1.3.29-lp151.4.6 is installed
  • OR libGraphicsMagick++-Q16-12-1.3.29-lp151.4.6 is installed
  • OR libGraphicsMagick++-devel-1.3.29-lp151.4.6 is installed
  • OR libGraphicsMagick-Q16-3-1.3.29-lp151.4.6 is installed
  • OR libGraphicsMagick3-config-1.3.29-lp151.4.6 is installed
  • OR libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.6 is installed
  • OR perl-GraphicsMagick-1.3.29-lp151.4.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • MozillaFirefox-17.0.9esr-0.7 is installed
  • OR MozillaFirefox-translations-17.0.9esr-0.7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • giflib-4.1.6-13 is installed
  • OR giflib-32bit-4.1.6-13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • compat-openssl098-0.9.8j-97 is installed
  • OR libopenssl0_9_8-0.9.8j-97 is installed
  • OR libopenssl0_9_8-32bit-0.9.8j-97 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND coolkey-1.1.0-147 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • xen-4.5.5_18-22.31 is installed
  • OR xen-doc-html-4.5.5_18-22.31 is installed
  • OR xen-kmp-default-4.5.5_18_k3.12.74_60.64.60-22.31 is installed
  • OR xen-libs-4.5.5_18-22.31 is installed
  • OR xen-libs-32bit-4.5.5_18-22.31 is installed
  • OR xen-tools-4.5.5_18-22.31 is installed
  • OR xen-tools-domU-4.5.5_18-22.31 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • dbus-1-glib-0.100.2-3 is installed
  • OR dbus-1-glib-32bit-0.100.2-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • libvirt-2.0.0-27.45 is installed
  • OR libvirt-client-2.0.0-27.45 is installed
  • OR libvirt-daemon-2.0.0-27.45 is installed
  • OR libvirt-daemon-config-network-2.0.0-27.45 is installed
  • OR libvirt-daemon-config-nwfilter-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-interface-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-libxl-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-lxc-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-network-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-nodedev-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-nwfilter-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-qemu-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-secret-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-storage-2.0.0-27.45 is installed
  • OR libvirt-daemon-hooks-2.0.0-27.45 is installed
  • OR libvirt-daemon-lxc-2.0.0-27.45 is installed
  • OR libvirt-daemon-qemu-2.0.0-27.45 is installed
  • OR libvirt-daemon-xen-2.0.0-27.45 is installed
  • OR libvirt-doc-2.0.0-27.45 is installed
  • OR libvirt-lock-sanlock-2.0.0-27.45 is installed
  • OR libvirt-nss-2.0.0-27.45 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_121-92_92-default-2-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_24-2-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • liblzo2-2-2.08-1 is installed
  • OR liblzo2-2-32bit-2.08-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • MozillaFirefox-60.8.0-109.83 is installed
  • OR MozillaFirefox-translations-common-60.8.0-109.83 is installed
  • OR libfreebl3-3.44.1-58.28 is installed
  • OR libfreebl3-32bit-3.44.1-58.28 is installed
  • OR libfreebl3-hmac-3.44.1-58.28 is installed
  • OR libfreebl3-hmac-32bit-3.44.1-58.28 is installed
  • OR libsoftokn3-3.44.1-58.28 is installed
  • OR libsoftokn3-32bit-3.44.1-58.28 is installed
  • OR libsoftokn3-hmac-3.44.1-58.28 is installed
  • OR libsoftokn3-hmac-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-3.44.1-58.28 is installed
  • OR mozilla-nss-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-certs-3.44.1-58.28 is installed
  • OR mozilla-nss-certs-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-sysinit-3.44.1-58.28 is installed
  • OR mozilla-nss-sysinit-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-tools-3.44.1-58.28 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • res-signingkeys-3.0.37-52.23 is installed
  • OR smt-3.0.37-52.23 is installed
  • OR smt-support-3.0.37-52.23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • bash-4.3-83.15 is installed
  • OR bash-doc-4.3-83.15 is installed
  • OR libreadline6-6.3-83.15 is installed
  • OR libreadline6-32bit-6.3-83.15 is installed
  • OR readline-doc-6.3-83.15 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND ruby2.1-rubygem-activemodel-4_2-4.2.2-5 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3 is installed
  • OR ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3 is installed
  • OR ruby2.1-rubygem-actionview-4_2-4.2.9-9.3 is installed
  • OR ruby2.1-rubygem-activejob-4_2-4.2.9-3.3 is installed
  • OR ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3 is installed
  • OR ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3 is installed
  • OR ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3 is installed
  • OR ruby2.1-rubygem-rails-4_2-4.2.9-3.3 is installed
  • OR ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3 is installed
  • OR ruby2.1-rubygem-railties-4_2-4.2.9-3.3 is installed
  • OR rubygem-actionmailer-4_2-4.2.9-3.3 is installed
  • OR rubygem-actionpack-4_2-4.2.9-7.3 is installed
  • OR rubygem-actionview-4_2-4.2.9-9.3 is installed
  • OR rubygem-activejob-4_2-4.2.9-3.3 is installed
  • OR rubygem-activemodel-4_2-4.2.9-6.3 is installed
  • OR rubygem-activerecord-4_2-4.2.9-6.3 is installed
  • OR rubygem-activesupport-4_2-4.2.9-7.3 is installed
  • OR rubygem-rails-4_2-4.2.9-3.3 is installed
  • OR rubygem-rails-html-sanitizer-1.0.3-8.3 is installed
  • OR rubygem-railties-4_2-4.2.9-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • libexif-0.6.21-8.6 is installed
  • OR libexif12-0.6.21-8.6 is installed
  • OR libexif12-32bit-0.6.21-8.6 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • freeradius-server-3.0.15-2.14 is installed
  • OR freeradius-server-doc-3.0.15-2.14 is installed
  • OR freeradius-server-krb5-3.0.15-2.14 is installed
  • OR freeradius-server-ldap-3.0.15-2.14 is installed
  • OR freeradius-server-libs-3.0.15-2.14 is installed
  • OR freeradius-server-mysql-3.0.15-2.14 is installed
  • OR freeradius-server-perl-3.0.15-2.14 is installed
  • OR freeradius-server-postgresql-3.0.15-2.14 is installed
  • OR freeradius-server-python-3.0.15-2.14 is installed
  • OR freeradius-server-sqlite-3.0.15-2.14 is installed
  • OR freeradius-server-utils-3.0.15-2.14 is installed
    • BACK