Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0119
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0119)
Zusammenfassung:	The remote host is missing an update for the 'python-yaml' package(s) announced via the MGASA-2021-0119 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'python-yaml' package(s) announced via the MGASA-2021-0119 advisory. Vulnerability Insight: A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747 (CVE-2020-14343). Affected Software/OS: 'python-yaml' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-14343 https://github.com/yaml/pyyaml/issues/420 https://bugzilla.redhat.com/show_bug.cgi?id=1860466 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.