An update for python-yaql is now available for openEuler-22.03-LTS-SP1

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2024-1329
Final 1.0
1.0 2024-03-29 Initial
2024-03-29 2024-03-29
openEuler SA Tool V1.0 2024-03-29

python-yaql security update

An update for python-yaql is now available for openEuler-22.03-LTS-SP1.

YAQL (Yet Another Query Language) is an embeddable and extensible query language that allows performing complex queries against arbitrary objects. It has a vast and comprehensive standard library of frequently used querying functions and can be extended even further with user-specified functions. YAQL is written in Python and is distributed via PyPI.

Security Fix(es):

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information. (CVE-2024-29156)

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

High
python-yaql

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1329
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-29156
https://nvd.nist.gov/vuln/detail/CVE-2024-29156

openEuler-22.03-LTS-SP1
python-yaql-help-2.0.0-2.oe2203sp1.noarch.rpm
python3-yaql-2.0.0-2.oe2203sp1.noarch.rpm
python-yaql-2.0.0-2.oe2203sp1.src.rpm

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.
2024-03-29 CVE-2024-29156 openEuler-22.03-LTS-SP1 High 8.4 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H python-yaql security update 2024-03-29 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1329