Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Fedora 29: 2019: bed9afe622 Critical: PyYAML Code Execution Risk

fedora
Calendar Grey March 21, 2019
Dist Fedora Esm H88
Fedora 29 enhances security by upgrading PyYAML to version 5.1, addressing vulnerabilities related to unsafe usage of yaml.load.
New upstream release 5.1 (rhbz#1688414) Fixes CVE-2017-18342 (rhbz#1595744)

Summary

YAML is a data serialization format designed for human readability and

interaction with scripting languages. PyYAML is a YAML parser and

emitter for Python.

PyYAML features a complete YAML 1.1 parser, Unicode support, pickle

support, capable extension API, and sensible error messages. PyYAML

supports standard YAML tags and provides Python-specific tags that

allow to represent an arbitrary Python object.

PyYAML is applicable for a broad range of tasks from complex

configuration files to object serialization and persistence.

New upstream release 5.1 (rhbz#1688414) Fixes CVE-2017-18342 (rhbz#1595744)

* Wed Mar 13 2019 John Eckersberg - 5.1-1

- New upstream release 5.1 (rhbz#1688414)

- Fixes CVE-2017-18342 (rhbz#1595744)

* Fri Mar 8 2019 John Eckersberg - 5.1-0.1.b6

- New upstream beta release 5.1b6 (rhbz#1686643)

* Thu Feb 28 2019 John Eckersberg - 5.1-0.1.b3

- New upstream beta release 5.1b3 (rhbz#1683884)

* Mon Feb 25 2019 John Eckersberg - 5.1-0.1.b1

- New upstream beta release 5.1b1 (rhbz#1680457)

- Typo fix (rhbz#1680463)

* Thu Jan 31 2019 Fedora Release Engineering - 4.2-0.2.b4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

[ 1 ] Bug #1688414 - PyYAML-5.1 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1688414

[ 2 ] Bug #1595744 - CVE-2017-18342 PyYAML: yaml.load() API could execute arbitrary code [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1595744

su -c 'dnf upgrade --advisory FEDORA-2019-bed9afe622' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory software update Fedora CVE fix threat mitigation Python library

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 29
Version: 5.1
Release: 1.fc29
URL: https://github.com/yaml/pyyaml
Summary: YAML parser and emitter for Python

Topics%20covered

Topics Covered

security advisory software update Fedora CVE fix threat mitigation Python library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here