Security update for snakeyaml SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:1876-1 Final 1 1 2021-06-07T12:01:32Z current 2021-06-07T12:01:32Z 2021-06-07T12:01:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for snakeyaml This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation (bsc#1159488, bsc#1186088) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container containers/apache-pulsar:3.3-2021-1876,Container suse/manager/5.0/x86_64/server:latest-2021-1876,Container suse/multi-linux-manager/5.1/x86_64/server:latest-2021-1876,Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure-2021-1876,Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM-2021-1876,Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE-2021-1876,Image SLES15-SP4-Manager-Server-4-3-2021-1876,Image SLES15-SP4-Manager-Server-4-3-Azure-llc-2021-1876,Image SLES15-SP4-Manager-Server-4-3-Azure-ltd-2021-1876,Image SLES15-SP4-Manager-Server-4-3-BYOS-2021-1876,Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure-2021-1876,Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2-2021-1876,Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE-2021-1876,Image SLES15-SP4-Manager-Server-4-3-EC2-llc-2021-1876,Image SLES15-SP4-Manager-Server-4-3-EC2-ltd-2021-1876,Image server-image-2021-1876,SUSE-2021-1876,SUSE-SLE-Module-Development-Tools-15-SP2-2021-1876,SUSE-SLE-Module-Development-Tools-15-SP3-2021-1876,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-1876 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20211876-1/ Link for SUSE-SU-2021:1876-1 https://lists.suse.com/pipermail/sle-security-updates/2021-June/008943.html E-Mail link for SUSE-SU-2021:1876-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1159488 SUSE Bug 1159488 https://bugzilla.suse.com/1186088 SUSE Bug 1186088 https://www.suse.com/security/cve/CVE-2017-18640/ SUSE CVE CVE-2017-18640 page Container containers/apache-pulsar:3.3 Container suse/manager/5.0/x86_64/server:latest Container suse/multi-linux-manager/5.1/x86_64/server:latest Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3 Image SLES15-SP4-Manager-Server-4-3-Azure-llc Image SLES15-SP4-Manager-Server-4-3-Azure-ltd Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3-EC2-llc Image SLES15-SP4-Manager-Server-4-3-EC2-ltd Image server-image SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Manager Server Module 4.2 snakeyaml-1.28-3.5.1 snakeyaml-javadoc-1.28-3.5.1 snakeyaml-1.28-3.5.1 as a component of Container containers/apache-pulsar:3.3 snakeyaml-1.28-3.5.1 as a component of Container suse/manager/5.0/x86_64/server:latest snakeyaml-1.28-3.5.1 as a component of Container suse/multi-linux-manager/5.1/x86_64/server:latest snakeyaml-1.28-3.5.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure snakeyaml-1.28-3.5.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM snakeyaml-1.28-3.5.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE snakeyaml-1.28-3.5.1 as a component of Image SLES15-SP4-Manager-Server-4-3 snakeyaml-1.28-3.5.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-llc snakeyaml-1.28-3.5.1 as a component of Image SLES15-SP4-Manager-Server-4-3-Azure-ltd snakeyaml-1.28-3.5.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS snakeyaml-1.28-3.5.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure snakeyaml-1.28-3.5.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 snakeyaml-1.28-3.5.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE snakeyaml-1.28-3.5.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-llc snakeyaml-1.28-3.5.1 as a component of Image SLES15-SP4-Manager-Server-4-3-EC2-ltd snakeyaml-1.28-3.5.1 as a component of Image server-image snakeyaml-1.28-3.5.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 snakeyaml-1.28-3.5.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 snakeyaml-1.28-3.5.1 as a component of SUSE Manager Server Module 4.2 The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CVE-2017-18640 Container containers/apache-pulsar:3.3:snakeyaml-1.28-3.5.1 Container suse/manager/5.0/x86_64/server:latest:snakeyaml-1.28-3.5.1 Container suse/multi-linux-manager/5.1/x86_64/server:latest:snakeyaml-1.28-3.5.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:snakeyaml-1.28-3.5.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:snakeyaml-1.28-3.5.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:snakeyaml-1.28-3.5.1 Image SLES15-SP4-Manager-Server-4-3-Azure-llc:snakeyaml-1.28-3.5.1 Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:snakeyaml-1.28-3.5.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:snakeyaml-1.28-3.5.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:snakeyaml-1.28-3.5.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:snakeyaml-1.28-3.5.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:snakeyaml-1.28-3.5.1 Image SLES15-SP4-Manager-Server-4-3-EC2-llc:snakeyaml-1.28-3.5.1 Image SLES15-SP4-Manager-Server-4-3-EC2-ltd:snakeyaml-1.28-3.5.1 Image SLES15-SP4-Manager-Server-4-3:snakeyaml-1.28-3.5.1 Image server-image:snakeyaml-1.28-3.5.1 SUSE Linux Enterprise Module for Development Tools 15 SP2:snakeyaml-1.28-3.5.1 SUSE Linux Enterprise Module for Development Tools 15 SP3:snakeyaml-1.28-3.5.1 SUSE Manager Server Module 4.2:snakeyaml-1.28-3.5.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211876-1/ https://www.suse.com/security/cve/CVE-2017-18640.html CVE-2017-18640 https://bugzilla.suse.com/1159488 SUSE Bug 1159488 https://bugzilla.suse.com/1186088 SUSE Bug 1186088