Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-18342

In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.

Related bugs and status

CVE-2017-18342 (Candidate) is related to these bugs:

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

Bug #1839398: Security Vulnerability in PyYAML-3.x: upgrade needed

Summary				In	Importance	Status
	1839398	Security Vulnerability in PyYAML-3.x: upgrade needed		oslo.config	Medium	Fix Released
	1839398	Security Vulnerability in PyYAML-3.x: upgrade needed		OpenStack Security Advisory	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/yam...
MISC: https://github.com/yam...
FEDORA: FEDORA-2019-44643e8bcb
FEDORA: FEDORA-2019-779a9db46a
FEDORA: FEDORA-2019-bed9afe622
MISC: https://github.com/mar...
MISC: https://github.com/yam...
MISC: https://github.com/yam...
GENTOO: GLSA-202003-45