[Important] [Security] Vulnerability Fixes in urllib3, PyYAML, and Pillow (CVE-2018-20060, CVE-2020-1747, CVE-2020-14343, CVE-2023-50447, and CVE-2023-44271) for VzLinux 7.9

This update fixes the vulnerabilities in urllib3, PyYAML, and Pillow, which are registered as CVE-2018-20060, CVE-2020-1747, CVE-2020-14343, CVE-2023-50447, and CVE-2023-44271...

Alibaba Cloud Linux 3 : 0269: PyYAML (ALINUX3-SA-2024:0269)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0269 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2017-18342: In PyYAML before 5.1, the...

PyYAML: Arbitrary Code Execution

Background PyYAML is a YAML parser and emitter for Python. Description A vulnerability has been discovered in PyYAML. Please review the CVE identifier referenced below for details. Impact A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution whe...

CBL Mariner 2.0 Security Update: PyYAML (CVE-2020-1747)

The version of PyYAML installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-1747 advisory. - A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to...

CVE-2020-1747 affecting package PyYAML for versions less than 5.4.1-1

CVE-2020-1747 affecting package PyYAML for versions less than 5.4.1-1. An upgraded version of the package is available that resolves this issue...

Rocky Linux 8 : python38:3.8 (RLSA-2020:4641)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4641 advisory. - PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and loadall functions because of a class deserialization issue, e.g., Popen is a...

SUSE CVE-2020-1747

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be...

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

SUSE: Security Advisory (SUSE-SU-2022:3231-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2022:3231-1 Security update for python-PyYAML

This update for python-PyYAML fixes the following issues: - CVE-2020-14343: Fixed a arbitrary code execution when processing untrusted YAML files through the fullload method or with the FullLoader loader. This Fixes an incomplete solution for CVE-2020-1747 bnc1174514...

SUSE SLES15 Security Update : python-PyYAML (SUSE-SU-2022:2841-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2841-1 advisory. - A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution...

SUSE: Security Advisory (SUSE-SU-2022:2841-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2022:2841-1 Security update for python-PyYAML

This update for python-PyYAML fixes the following issues: - CVE-2020-1747: Fixed an arbitrary code execution issue when parsing an untrusted YAML file with the default loader bsc1165439. - CVE-2020-14343: Completed the fix for CVE-2020-1747 bsc1174514...

Mageia: Security Advisory (MGASA-2021-0119)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2020-0155)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PyYAML: incomplete fix for CVE-2020-1747

A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw...

PyYAML: incomplete fix for CVE-2020-1747

A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw...

Moderate: python38:3.8 and python38-devel:3.8 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

ALSA-2021:2583 Moderate: python38:3.8 and python38-devel:3.8 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python38:3.8 and python38-devel:3.8 security update

An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-urllib3, PyYAML, python-attrs, python-jinja2, python-requests, python-atomicwrites, modwsgi, python3x-pip, python38, python-asn1crypto, python-chardet, python-markupsafe,...