Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Ubuntu 20.04 LTS USN-4940-1 Critical: PyYAML Remote Code Execution

Calendar May 10, 2021 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical code execution remote code execution critical risk Ubuntu ubuntu pyyaml PyYAML
PyYAML could be made to run programs if it opened a specially crafted YAML file. 
=========================================================================Ubuntu Security Notice USN-4940-1
May 10, 2021

pyyaml vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS

Summary:

PyYAML could be made to run programs if it opened a specially crafted YAML
file.

Software Description:
- pyyaml: YAML parser and emitter for Python

Details:

It was discovered that PyYAML incorrectly handled untrusted YAML files with
the FullLoader loader. A remote attacker could possibly use this issue to
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  python3-yaml                    5.3.1-2ubuntu0.1

Ubuntu 20.04 LTS:
  python-yaml                     5.3.1-1ubuntu0.1
  python3-yaml                    5.3.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4940-1
  CVE-2020-14343

Package Information:
  https://launchpad.net/ubuntu/+source/pyyaml/5.3.1-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/pyyaml/5.3.1-1ubuntu0.1

Ubuntu 20.04 LTS USN-4940-1 Critical: PyYAML Remote Code Execution

ubuntu
Calendar Grey May 10, 2021
Dist Ubuntu Esm H88
To secure your Ubuntu system against PyYAML vulnerabilities, follow these update steps carefully and strengthen your environment against remote code execution risks
PyYAML could be made to run programs if it opened a specially crafted YAML file.

Summary

Topics%20covered

Topics Covered

security advisory critical code execution remote code execution critical risk Ubuntu ubuntu pyyaml PyYAML

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: python3-yaml 5.3.1-2ubuntu0.1 Ubuntu 20.04 LTS: python-yaml 5.3.1-1ubuntu0.1 python3-yaml 5.3.1-1ubuntu0.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4940-1

CVE-2020-14343

Severity
critical
Lowest
Low
Medium
High
Critical

May 10, 2021

Topics%20covered

Topics Covered

security advisory critical code execution remote code execution critical risk Ubuntu ubuntu pyyaml PyYAML

Package Information

https://launchpad.net/ubuntu/+source/pyyaml/5.3.1-2ubuntu0.1 https://launchpad.net/ubuntu/+source/pyyaml/5.3.1-1ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here