Advisories ยป MGASA-2020-0155

Updated python-yaml packages fix security vulnerability

Publication date: 02 Apr 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-1747


Updated python-yaml packages fix security vulnerability:

A vulnerability was discovered in the PyYAML library, where it is
susceptible to arbitrary code execution when it processes untrusted
YAML files through the full_load method or with the FullLoader loader.
Applications that use the library to process untrusted input may be
vulnerable to this flaw. An attacker could use this flaw to execute
arbitrary code on the system by abusing the python/object/new
constructor (CVE-2020-1747).