drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in libyaml-libyaml-perl
Name: |
Pufferüberlauf in libyaml-libyaml-perl |
|
ID: |
USN-2161-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.10 |
|
Datum: |
Fr, 4. April 2014, 08:26 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525 |
|
Applikationen: |
libyaml-libyaml-perl |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============5957460395348534448== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Nu2jC6fA7f4vup78sknFsOa5c4A4179jI"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Nu2jC6fA7f4vup78sknFsOa5c4A4179jI Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2161-1 April 03, 2014
libyaml-libyaml-perl vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10 - Ubuntu 12.10 - Ubuntu 12.04 LTS
Summary:
libyaml-libyaml-perl could be made to crash or run programs if it opened a specially crafted YAML file.
Software Description: - libyaml-libyaml-perl: Perl interface to libyaml, a YAML implementation
Details:
Florian Weimer discovered that libyaml-libyaml-perl incorrectly handled certain large YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6393)
Ivan Fratric discovered that libyaml-libyaml-perl incorrectly handled certain malformed YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-2525)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.10: libyaml-libyaml-perl 0.38-3ubuntu0.13.10.1
Ubuntu 12.10: libyaml-libyaml-perl 0.38-3ubuntu0.12.10.1
Ubuntu 12.04 LTS: libyaml-libyaml-perl 0.38-2ubuntu0.1
After a standard system update you need to restart applications using libyaml-libyaml-perl to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2161-1 CVE-2013-6393, CVE-2014-2525
Package Information: https://launchpad.net/ubuntu/+source/libyaml-libyaml-perl/0.38-3ubuntu0.13.10.1 https://launchpad.net/ubuntu/+source/libyaml-libyaml-perl/0.38-3ubuntu0.12.10.1 https://launchpad.net/ubuntu/+source/libyaml-libyaml-perl/0.38-2ubuntu0.1
--Nu2jC6fA7f4vup78sknFsOa5c4A4179jI Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJTPXKSAAoJEGVp2FWnRL6TCrkQAJ4FmKwQZxacazdzboeMQy8Q WSss7AYI6Dej6271xzeAkcaTqMQZ35zbCewSx3tbt+j+S1EipoTx1xaPK77IZkpk Mal9xficbGuGcCkNg6rRlxoT+sD9rWnm239uaN/iK0Y/658TUgzXarLRWFwdQarB iNpP1PopuuwnsWPgrlC2AGEJPNomFrZ3NwahK60XXQr9Xh/nHTuClWjSOJ6OKHui pgM7ZrdNEJClUAIz2OOEJbU5mGrJKav1pUNM3EGiKiz0EGDhdGG28UCEN6kDVsEx 3coRqjVbk4GOrAY1ioeUmAH/LynCHTsb8gF2u7Y6RmzsdxmiLGvHM4u+l6UnMfDj IxBIyVT93d3Rc06vzjR19qszfoOqJrfdMODrO1ymZAeCI3VzrFE5H8HCCkaNJ0Z+ APmPvZHtiR/FlFsYnzIAYMPHxqWKrnI05+ZKX+nacHDIjkAyya9ueTvWNM9xNGNm aLrNeZT9OTOS925zcw3R+0YKDJOjqNL0RyuFUkEKlwkSjBWrQZL2PIqgXmtCxXTQ PpYLZ76iMjpg3EoCZsFewwwfviFeOIPtqtn+l+MktYFp4gDUKEIrXxtuoIJEEp8s S10bt+ehblJ9XhDPfx2yJR+uCZ3LXgdb1wgl3QfsQinmmwtiVZlSowTbjZgkan4J jqTO+v0YB8dXlgioSkc8 =3a8y -----END PGP SIGNATURE-----
--Nu2jC6fA7f4vup78sknFsOa5c4A4179jI--
--===============5957460395348534448== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5957460395348534448==--
|
|
|
|