Oval Definition:oval:org.opensuse.security:def:56059
Revision Date:2021-08-24
Version:1
Title:Security update for python-PyYAML (Important)
Description:

This update for python-PyYAML fixes the following issues:

- Update to 5.3.1.

- CVE-2020-14343: A vulnerability was discovered in the PyYAML library: it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw, which allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. The flaw is due to an incomplete fix for CVE-2020-1747.
Family:unix
Class:patch
Status:
Reference(s):1009994
1010756
1010757
1010766
1010774
1010782
1010968
1010975
1015203
1022804
1034849
1047958
1049302
1049305
1049306
1049307
1049308
1049309
1049310
1049311
1049312
1049313
1049314
1049315
1049316
1049317
1049318
1049319
1049320
1049321
1049322
1049323
1049324
1049325
1049326
1049327
1049328
1049329
1049330
1049331
1049332
1130324
1135170
1153451
1153459
1171252
1171254
1174514
808137
815451
821664
906364
951166
963964
963968
963975
969785
983582
984751
985177
985348
989523
991069
CVE-2006-4197
CVE-2010-4352
CVE-2012-3524
CVE-2013-1821
CVE-2013-1981
CVE-2013-1997
CVE-2013-2004
CVE-2013-2168
CVE-2014-3477
CVE-2014-3532
CVE-2014-3533
CVE-2014-3635
CVE-2014-3636
CVE-2014-3637
CVE-2014-3638
CVE-2014-3639
CVE-2014-7824
CVE-2014-8148
CVE-2014-9029
CVE-2015-0245
CVE-2015-8629
CVE-2015-8630
CVE-2015-8631
CVE-2016-0772
CVE-2016-1000110
CVE-2016-2851
CVE-2016-5636
CVE-2016-5699
CVE-2016-9262
CVE-2016-9388
CVE-2016-9389
CVE-2016-9390
CVE-2016-9391
CVE-2016-9392
CVE-2016-9393
CVE-2016-9394
CVE-2017-1000050
CVE-2017-10053
CVE-2017-10067
CVE-2017-10074
CVE-2017-10078
CVE-2017-10081
CVE-2017-10086
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10105
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10111
CVE-2017-10114
CVE-2017-10115
CVE-2017-10116
CVE-2017-10118
CVE-2017-10125
CVE-2017-10135
CVE-2017-10176
CVE-2017-10193
CVE-2017-10198
CVE-2017-10243
CVE-2017-3289
CVE-2017-3509
CVE-2017-3511
CVE-2017-3512
CVE-2017-3514
CVE-2017-3526
CVE-2017-3533
CVE-2017-3539
CVE-2017-3544
CVE-2019-17041
CVE-2019-17042
CVE-2019-5436
CVE-2019-9924
CVE-2020-12653
CVE-2020-12654
CVE-2020-14343
SUSE-SU-2016:0429-1
SUSE-SU-2016:0706-1
SUSE-SU-2016:2859-1
SUSE-SU-2017:1400-1
SUSE-SU-2017:1916-1
SUSE-SU-2017:2175-1
SUSE-SU-2019:0898-1
SUSE-SU-2019:1363-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP2-LTSS-SAP
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • bzip2-1.0.6-lp150.3 is installed
  • OR libbz2-1-1.0.6-lp150.3 is installed
  • OR libbz2-1-32bit-1.0.6-lp150.3 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • bind-9.11.2-lp151.11.3 is installed
  • OR bind-chrootenv-9.11.2-lp151.11.3 is installed
  • OR bind-devel-9.11.2-lp151.11.3 is installed
  • OR bind-devel-32bit-9.11.2-lp151.11.3 is installed
  • OR bind-doc-9.11.2-lp151.11.3 is installed
  • OR bind-lwresd-9.11.2-lp151.11.3 is installed
  • OR bind-utils-9.11.2-lp151.11.3 is installed
  • OR libbind9-160-9.11.2-lp151.11.3 is installed
  • OR libbind9-160-32bit-9.11.2-lp151.11.3 is installed
  • OR libdns169-9.11.2-lp151.11.3 is installed
  • OR libdns169-32bit-9.11.2-lp151.11.3 is installed
  • OR libirs-devel-9.11.2-lp151.11.3 is installed
  • OR libirs160-9.11.2-lp151.11.3 is installed
  • OR libirs160-32bit-9.11.2-lp151.11.3 is installed
  • OR libisc166-9.11.2-lp151.11.3 is installed
  • OR libisc166-32bit-9.11.2-lp151.11.3 is installed
  • OR libisccc160-9.11.2-lp151.11.3 is installed
  • OR libisccc160-32bit-9.11.2-lp151.11.3 is installed
  • OR libisccfg160-9.11.2-lp151.11.3 is installed
  • OR libisccfg160-32bit-9.11.2-lp151.11.3 is installed
  • OR liblwres160-9.11.2-lp151.11.3 is installed
  • OR liblwres160-32bit-9.11.2-lp151.11.3 is installed
  • OR python3-bind-9.11.2-lp151.11.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • libjasper-1.900.1-134.13 is installed
  • OR libjasper-32bit-1.900.1-134.13 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • libotr-3.2.0-10.5 is installed
  • OR libotr2-3.2.0-10.5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • libpython3_4m1_0-3.4.5-19 is installed
  • OR python3-3.4.5-19 is installed
  • OR python3-base-3.4.5-19 is installed
  • OR python3-curses-3.4.5-19 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • dbus-1-1.8.16-14 is installed
  • OR dbus-1-x11-1.8.16-14 is installed
  • OR libdbus-1-3-1.8.16-14 is installed
  • OR libdbus-1-3-32bit-1.8.16-14 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.144-27.5 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.144-27.5 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.144-27.5 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.144-27.5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libIlmImf-Imf_2_1-21-2.1.0-4 is installed
  • OR openexr-2.1.0-4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.222-27.35 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.222-27.35 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.222-27.35 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.222-27.35 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND yast2-smt-3.0.14-17.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_59-92_20-default-12-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_8-12-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND davfs2-1.5.2-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • kernel-default-4.4.180-94.124 is installed
  • OR kernel-default-base-4.4.180-94.124 is installed
  • OR kernel-default-devel-4.4.180-94.124 is installed
  • OR kernel-default-kgraft-4.4.180-94.124 is installed
  • OR kernel-devel-4.4.180-94.124 is installed
  • OR kernel-macros-4.4.180-94.124 is installed
  • OR kernel-source-4.4.180-94.124 is installed
  • OR kernel-syms-4.4.180-94.124 is installed
  • OR kgraft-patch-4_4_180-94_124-default-1-4.3 is installed
  • OR kgraft-patch-SLE12-SP3_Update_33-1-4.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • audiofile-0.3.6-11.3 is installed
  • OR libaudiofile1-0.3.6-11.3 is installed
  • OR libaudiofile1-32bit-0.3.6-11.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • jakarta-taglibs-standard-1.1.1-255 is installed
  • OR jakarta-taglibs-standard-javadoc-1.1.1-255 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • rsyslog-8.4.0-13.8 is installed
  • OR rsyslog-diag-tools-8.4.0-13.8 is installed
  • OR rsyslog-doc-8.4.0-13.8 is installed
  • OR rsyslog-module-gssapi-8.4.0-13.8 is installed
  • OR rsyslog-module-gtls-8.4.0-13.8 is installed
  • OR rsyslog-module-mysql-8.4.0-13.8 is installed
  • OR rsyslog-module-pgsql-8.4.0-13.8 is installed
  • OR rsyslog-module-relp-8.4.0-13.8 is installed
  • OR rsyslog-module-snmp-8.4.0-13.8 is installed
  • OR rsyslog-module-udpspoof-8.4.0-13.8 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • python3-rpm-4.11.2-16.21 is installed
  • OR rpm-4.11.2-16.21 is installed
  • OR rpm-32bit-4.11.2-16.21 is installed
  • OR rpm-build-4.11.2-16.21 is installed
  • OR rpm-python-4.11.2-16.21 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • ruby2.1-rubygem-loofah-2.0.2-3.5 is installed
  • OR rubygem-loofah-2.0.2-3.5 is installed