Mageia Advisory: MGASA-2020-0155 - Updated python-yaml packages fix security vulnerability

Updated python-yaml packages fix security vulnerability

Publication date: 02 Apr 2020
Modification date: 02 Apr 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-1747

Description

Updated python-yaml packages fix security vulnerability:

A vulnerability was discovered in the PyYAML library, where it is
susceptible to arbitrary code execution when it processes untrusted
YAML files through the full_load method or with the FullLoader loader.
Applications that use the library to process untrusted input may be
vulnerable to this flaw. An attacker could use this flaw to execute
arbitrary code on the system by abusing the python/object/new
constructor (CVE-2020-1747).

References

https://bugs.mageia.org/show_bug.cgi?id=26405
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WORRFHPQVAFKKXXWLSSW6XKUYLWM6CSH/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1747

SRPMS

7/core

python-yaml-5.3.1-1.mga7

Advisories » MGASA-2020-0155

Updated python-yaml packages fix security vulnerability

Description

References

SRPMS

7/core