CVE-2017-18342

Advisory

Junos-eznc 2.2.1 fixes PyYAML as per CVE-2017-18342.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

Features Added
- None
Bugs Fixed
- Handle multiple package-result values from sw.install 864
- Extended support to WR-Based Linux H/W 882 883 889
- Fixed issues in Console over SSH 877
- Optimized PyEZ docker image size and minor bug fixes 894 911
- Fixed JSON serialization for Junos facts 902
- Updated securityzone.yml. Added item `zone-security` 909
- Fixed runtime error while using Outbound-SSH 915
- Fixed Pyyaml bugs 914 917 918

v1.0.1-iAgent
* fix PyYAML as per CVE-2017-18342
* Sync code with Latest PyEZ 2.2.0

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18342
• https://github.com/yaml/pyyaml/pull/74
• https://github.com/yaml/pyyaml/blob/master/CHANGES
• https://lists.fedoraproject.org/archives/list/[email protected]/message/M6JCFGEIEOFMWWIXGHSELMKQDD4CV2BA/
• https://lists.fedoraproject.org/archives/list/[email protected]/message/KSQQMRUQSXBSUXLCRD3TSZYQ7SEZRKCE/
• https://lists.fedoraproject.org/archives/list/[email protected]/message/JEX7IPV5P2QJITAMA5Z63GQCZA5I6NVZ/
• https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
• https://github.com/marshmallow-code/apispec/issues/278
• https://github.com/yaml/pyyaml/issues/193
• https://security.gentoo.org/glsa/202003-45