ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0119
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0119)
Resumen:	The remote host is missing an update for the 'python-yaml' package(s) announced via the MGASA-2021-0119 advisory.
Descripción:	Summary: The remote host is missing an update for the 'python-yaml' package(s) announced via the MGASA-2021-0119 advisory. Vulnerability Insight: A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747 (CVE-2020-14343). Affected Software/OS: 'python-yaml' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-14343 https://github.com/yaml/pyyaml/issues/420 https://bugzilla.redhat.com/show_bug.cgi?id=1860466 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.