Security update for python-PyYAML SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:2818-1 Final 1 1 2021-08-24T07:05:40Z current 2021-08-24T07:05:40Z 2021-08-24T07:05:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-PyYAML This update for python-PyYAML fixes the following issues: - Update to 5.3.1. - CVE-2020-14343: A vulnerability was discovered in the PyYAML library, where it was susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2021-2818,Image SLES12-SP5-Azure-BYOS-2021-2818,Image SLES12-SP5-Azure-HPC-BYOS-2021-2818,Image SLES12-SP5-Azure-SAP-BYOS-2021-2818,Image SLES12-SP5-EC2-BYOS-2021-2818,Image SLES12-SP5-EC2-ECS-On-Demand-2021-2818,Image SLES12-SP5-EC2-On-Demand-2021-2818,Image SLES12-SP5-EC2-SAP-BYOS-2021-2818,Image SLES12-SP5-EC2-SAP-On-Demand-2021-2818,Image SLES12-SP5-GCE-BYOS-2021-2818,Image SLES12-SP5-GCE-SAP-BYOS-2021-2818,SUSE-2021-2818,SUSE-OpenStack-Cloud-7-2021-2818,SUSE-OpenStack-Cloud-8-2021-2818,SUSE-OpenStack-Cloud-9-2021-2818,SUSE-OpenStack-Cloud-Crowbar-8-2021-2818,SUSE-OpenStack-Cloud-Crowbar-9-2021-2818,SUSE-SLE-Module-Public-Cloud-12-2021-2818,SUSE-SLE-SAP-12-SP3-2021-2818,SUSE-SLE-SAP-12-SP4-2021-2818,SUSE-SLE-SERVER-12-SP3-2021-2818,SUSE-SLE-SERVER-12-SP3-BCL-2021-2818,SUSE-SLE-SERVER-12-SP4-LTSS-2021-2818,SUSE-SLE-SERVER-12-SP5-2021-2818 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20212818-1/ Link for SUSE-SU-2021:2818-1 https://lists.suse.com/pipermail/sle-security-updates/2021-August/009336.html E-Mail link for SUSE-SU-2021:2818-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1174514 SUSE Bug 1174514 https://www.suse.com/security/cve/CVE-2020-14343/ SUSE CVE CVE-2020-14343 page HPE Helion OpenStack 8 Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-SAP-BYOS SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 python-PyYAML-5.3.1-28.6.1 python3-PyYAML-5.3.1-28.6.1 python-PyYAML-5.3.1-28.6.1 as a component of HPE Helion OpenStack 8 python3-PyYAML-5.3.1-28.6.1 as a component of HPE Helion OpenStack 8 python-PyYAML-5.3.1-28.6.1 as a component of Image SLES12-SP5-Azure-BYOS python-PyYAML-5.3.1-28.6.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS python-PyYAML-5.3.1-28.6.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS python-PyYAML-5.3.1-28.6.1 as a component of Image SLES12-SP5-EC2-BYOS python-PyYAML-5.3.1-28.6.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand python-PyYAML-5.3.1-28.6.1 as a component of Image SLES12-SP5-EC2-On-Demand python-PyYAML-5.3.1-28.6.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS python-PyYAML-5.3.1-28.6.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand python-PyYAML-5.3.1-28.6.1 as a component of Image SLES12-SP5-GCE-BYOS python-PyYAML-5.3.1-28.6.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS python-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 python3-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 python-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL python3-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL python-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS python3-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS python-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS python3-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS python-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 python3-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 python-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 python3-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 python-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 python3-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 python-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 python3-PyYAML-5.3.1-28.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 python-PyYAML-5.3.1-28.6.1 as a component of SUSE OpenStack Cloud 7 python-PyYAML-5.3.1-28.6.1 as a component of SUSE OpenStack Cloud 8 python3-PyYAML-5.3.1-28.6.1 as a component of SUSE OpenStack Cloud 8 python-PyYAML-5.3.1-28.6.1 as a component of SUSE OpenStack Cloud 9 python3-PyYAML-5.3.1-28.6.1 as a component of SUSE OpenStack Cloud 9 python-PyYAML-5.3.1-28.6.1 as a component of SUSE OpenStack Cloud Crowbar 8 python3-PyYAML-5.3.1-28.6.1 as a component of SUSE OpenStack Cloud Crowbar 8 python-PyYAML-5.3.1-28.6.1 as a component of SUSE OpenStack Cloud Crowbar 9 python3-PyYAML-5.3.1-28.6.1 as a component of SUSE OpenStack Cloud Crowbar 9 A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. CVE-2020-14343 HPE Helion OpenStack 8:python-PyYAML-5.3.1-28.6.1 HPE Helion OpenStack 8:python3-PyYAML-5.3.1-28.6.1 Image SLES12-SP5-Azure-BYOS:python-PyYAML-5.3.1-28.6.1 Image SLES12-SP5-Azure-HPC-BYOS:python-PyYAML-5.3.1-28.6.1 Image SLES12-SP5-Azure-SAP-BYOS:python-PyYAML-5.3.1-28.6.1 Image SLES12-SP5-EC2-BYOS:python-PyYAML-5.3.1-28.6.1 Image SLES12-SP5-EC2-ECS-On-Demand:python-PyYAML-5.3.1-28.6.1 Image SLES12-SP5-EC2-On-Demand:python-PyYAML-5.3.1-28.6.1 Image SLES12-SP5-EC2-SAP-BYOS:python-PyYAML-5.3.1-28.6.1 Image SLES12-SP5-EC2-SAP-On-Demand:python-PyYAML-5.3.1-28.6.1 Image SLES12-SP5-GCE-BYOS:python-PyYAML-5.3.1-28.6.1 Image SLES12-SP5-GCE-SAP-BYOS:python-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Module for Public Cloud 12:python-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Module for Public Cloud 12:python3-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Server 12 SP3-BCL:python-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Server 12 SP3-BCL:python3-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Server 12 SP3-LTSS:python-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Server 12 SP3-LTSS:python3-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Server 12 SP4-LTSS:python-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Server 12 SP4-LTSS:python3-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Server 12 SP5:python-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Server 12 SP5:python3-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-PyYAML-5.3.1-28.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-PyYAML-5.3.1-28.6.1 SUSE OpenStack Cloud 7:python-PyYAML-5.3.1-28.6.1 SUSE OpenStack Cloud 8:python-PyYAML-5.3.1-28.6.1 SUSE OpenStack Cloud 8:python3-PyYAML-5.3.1-28.6.1 SUSE OpenStack Cloud 9:python-PyYAML-5.3.1-28.6.1 SUSE OpenStack Cloud 9:python3-PyYAML-5.3.1-28.6.1 SUSE OpenStack Cloud Crowbar 8:python-PyYAML-5.3.1-28.6.1 SUSE OpenStack Cloud Crowbar 8:python3-PyYAML-5.3.1-28.6.1 SUSE OpenStack Cloud Crowbar 9:python-PyYAML-5.3.1-28.6.1 SUSE OpenStack Cloud Crowbar 9:python3-PyYAML-5.3.1-28.6.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20212818-1/ https://www.suse.com/security/cve/CVE-2020-14343.html CVE-2020-14343 https://bugzilla.suse.com/1174514 SUSE Bug 1174514