Updated python-yaml packages fix security vulnerability:
A vulnerability was discovered in the PyYAML library, where it is
susceptible to arbitrary code execution when it processes untrusted
YAML files through the full_load method or with the FullLoader loader.
Applications that use the library to process untrusted input may be
vulnerable to this flaw. An attacker could use this flaw to execute
arbitrary code on the system by abusing the python/object/new
constructor (CVE-2020-1747).
- https://bugs.mageia.org/show_bug.cgi?id=26405
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WORRFHPQVAFKKXXWLSSW6XKUYLWM6CSH/
- https://www.cve.org/CVERecord?id=CVE-2020-1747
- 7/core/python-yaml-5.3.1-1.mga7
Get the latest Linux and open source security news straight to your inbox.