Oval Definition:oval:org.opensuse.security:def:57989
Revision Date:2021-08-24Version:1
Title:Security update for python-PyYAML (Important)
Description:



This update for python-PyYAML fixes the following issues:

- Update to 5.3.1.

- CVE-2020-14343: A vulnerability was discovered in the PyYAML library, where it was susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
Family:unixClass:patch
Status:Reference(s):1009254
1016715
1028842
1039063
1039064
1039066
1039069
1039661
1062063
1066644
1071459
1071460
1071853
1076957
1087066
1090023
1090024
1090025
1090026
1090027
1090028
1090029
1090030
1090032
1090033
1093536
1094462
1096254
1103098
1104826
1106222
1107874
1108382
1109137
1109845
1110910
1111006
1111010
1111013
1114422
1119947
1125401
1127155
1128525
1128829
1128963
1129231
1133190
1133738
1134395
1134701
1136922
1136935
1137194
1138291
1140575
1152856
1153332
1154212
1167240
1170715
1172698
1172704
1174514
981114
CVE-2016-1000031
CVE-2016-10708
CVE-2016-1839
CVE-2016-4975
CVE-2016-8743
CVE-2017-16548
CVE-2017-17433
CVE-2017-17434
CVE-2017-9047
CVE-2017-9048
CVE-2017-9049
CVE-2017-9050
CVE-2018-10811
CVE-2018-10839
CVE-2018-15746
CVE-2018-16151
CVE-2018-16152
CVE-2018-16301
CVE-2018-16884
CVE-2018-17540
CVE-2018-17958
CVE-2018-17962
CVE-2018-17963
CVE-2018-18849
CVE-2018-20836
CVE-2018-2790
CVE-2018-2794
CVE-2018-2795
CVE-2018-2796
CVE-2018-2797
CVE-2018-2798
CVE-2018-2799
CVE-2018-2800
CVE-2018-2814
CVE-2018-2815
CVE-2018-5388
CVE-2018-5391
CVE-2019-10126
CVE-2019-10638
CVE-2019-10639
CVE-2019-11487
CVE-2019-11599
CVE-2019-12380
CVE-2019-12456
CVE-2019-12614
CVE-2019-12818
CVE-2019-12819
CVE-2019-15165
CVE-2019-2894
CVE-2019-2933
CVE-2019-2945
CVE-2019-2949
CVE-2019-2958
CVE-2019-2962
CVE-2019-2964
CVE-2019-2973
CVE-2019-2978
CVE-2019-2981
CVE-2019-2983
CVE-2019-2987
CVE-2019-2988
CVE-2019-2989
CVE-2019-2992
CVE-2019-2999
CVE-2019-8936
CVE-2020-14343
CVE-2020-5267
CVE-2020-8023
SUSE-SU-2017:1454-1
SUSE-SU-2018:0118-1
SUSE-SU-2018:1690-1
SUSE-SU-2018:2530-1
SUSE-SU-2018:2815-2
SUSE-SU-2018:4237-1
SUSE-SU-2019:0736-1
SUSE-SU-2019:0789-1
SUSE-SU-2019:1214-1
SUSE-SU-2019:1823-1
SUSE-SU-2019:2669-1
SUSE-SU-2019:3084-1
SUSE-SU-2019:3266-1
SUSE-SU-2020:0954-1
SUSE-SU-2020:1859-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND hyper-v-7-lp150.3 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND rdesktop-1.8.6-lp151.2.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • libpcap-1.8.1-10.3 is installed
  • OR libpcap1-1.8.1-10.3 is installed
  • OR tcpdump-4.9.2-14.14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libxml2-2.9.4-36 is installed
  • OR libxml2-2-2.9.4-36 is installed
  • OR libxml2-2-32bit-2.9.4-36 is installed
  • OR libxml2-doc-2.9.4-36 is installed
  • OR libxml2-tools-2.9.4-36 is installed
  • OR python-libxml2-2.9.4-36 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • apache2-2.4.23-29.24 is installed
  • OR apache2-doc-2.4.23-29.24 is installed
  • OR apache2-example-pages-2.4.23-29.24 is installed
  • OR apache2-prefork-2.4.23-29.24 is installed
  • OR apache2-utils-2.4.23-29.24 is installed
  • OR apache2-worker-2.4.23-29.24 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • xen-4.7.6_02-43.36 is installed
  • OR xen-doc-html-4.7.6_02-43.36 is installed
  • OR xen-libs-4.7.6_02-43.36 is installed
  • OR xen-libs-32bit-4.7.6_02-43.36 is installed
  • OR xen-tools-4.7.6_02-43.36 is installed
  • OR xen-tools-domU-4.7.6_02-43.36 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_121-92_73-default-7-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_21-7-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND libXvMC1-1.0.8-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.222-27.35 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.222-27.35 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.222-27.35 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.222-27.35 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • python-PyYAML-5.3.1-28.6.1 is installed
  • OR python3-PyYAML-5.3.1-28.6.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_180-94_103-default-2-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_28-2-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libwireshark9-2.4.10-48.32 is installed
  • OR libwiretap7-2.4.10-48.32 is installed
  • OR libwscodecs1-2.4.10-48.32 is installed
  • OR libwsutil8-2.4.10-48.32 is installed
  • OR wireshark-2.4.10-48.32 is installed
  • OR wireshark-gtk-2.4.10-48.32 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • libsnmp30-5.7.3-6.3 is installed
  • OR libsnmp30-32bit-5.7.3-6.3 is installed
  • OR net-snmp-5.7.3-6.3 is installed
  • OR perl-SNMP-5.7.3-6.3 is installed
  • OR snmp-mibs-5.7.3-6.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.171-27.19 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • bzip2-1.0.6-30.5 is installed
  • OR bzip2-doc-1.0.6-30.5 is installed
  • OR libbz2-1-1.0.6-30.5 is installed
  • OR libbz2-1-32bit-1.0.6-30.5 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND python-paramiko-2.2.4-4.3 is installed
    • BACK