Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Ubuntu 20.04 LTS USN-4940-1 Critical: PyYAML Remote Code Execution

ubuntu
Calendar Grey May 10, 2021
Dist Ubuntu Esm H88
To secure your Ubuntu system against PyYAML vulnerabilities, follow these update steps carefully and strengthen your environment against remote code execution risks
PyYAML could be made to run programs if it opened a specially crafted YAML file.

Summary

PyYAML could be made to run programs if it opened a specially crafted YAML

file.

Software Description:

- pyyaml: YAML parser and emitter for Python

Details:

It was discovered that PyYAML incorrectly handled untrusted YAML files with

the FullLoader loader. A remote attacker could possibly use this issue to

execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  python3-yaml                    5.3.1-2ubuntu0.1

Ubuntu 20.04 LTS:
  python-yaml                     5.3.1-1ubuntu0.1
  python3-yaml                    5.3.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4940-1

CVE-2020-14343

Severity
critical
Lowest
Low
Medium
High
Critical

May 10, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here