Security: Denial of Service in perl-YAML-LibYAML
Name: Denial of Service in perl-YAML-LibYAML
ID: FEDORA-2014-16266
Distribution: Fedora
Platforms: Fedora 20
Date: Sun, 14 December 2014, 00:28
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130
Applications: perl-YAML-LibYAML

Original message
Name        : perl-YAML-LibYAML
Product     : Fedora 20
Version     : 0.54
Release     : 1.fc20
URL         : http://search.cpan.org/dist/YAML-LibYAML/
Summary     : Perl YAML Serialization using XS and libyaml
Description :
Kirill Simonov's "libyaml" is arguably the best YAML implementation. The C
library is written precisely to the YAML 1.1 specification. It was originally
bound to Python and was later bound to Ruby.

--------------------------------------------------------------------------------
Update Information:

An assertion failure was found in the way the libyaml library parsed wrapped
strings. An attacker able to load specially crafted YAML input into an
application using libyaml could cause the application to crash.

--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 30 2014 Paul Howarth <paul@city-fan.org> - 0.54-1
- Update to 0.54
- Fix for an edge case in scanner that results in an assert() failing
  (https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure)
  (CVE-2014-9130)
- Drop upstreamed patches for CVE-2013-6393 and CVE-2014-2525
* Tue Nov 18 2014 Jitka Plesnikova <jplesnik@redhat.com> - 0.52-3
- Update BRs (bz#1165198)
* Wed Aug 27 2014 Jitka Plesnikova <jplesnik@redhat.com> - 0.52-2
- Perl 5.20 rebuild
* Sun Aug 24 2014 Paul Howarth <paul@city-fan.org> - 0.52-1
- Update to 0.52
- Fix e1 test failure on 5.21.4
* Mon Aug 18 2014 Paul Howarth <paul@city-fan.org> - 0.51-1
- Update to 0.51 (various minor tidy-ups, no functional changes)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.47-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Aug 9 2014 Paul Howarth <paul@city-fan.org> - 0.47-1
- Update to 0.47:
- Fix swim errors
- Include upstream license file
* Wed Aug 6 2014 Jitka Plesnikova <jplesnik@redhat.com> - 0.46-1
- 0.46 bump
* Tue Aug 5 2014 Jitka Plesnikova <jplesnik@redhat.com> - 0.45-1
- 0.45 bump
* Mon Jul 14 2014 Jitka Plesnikova <jplesnik@redhat.com> - 0.44-1
- 0.44 bump
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.41-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu Mar 27 2014 Paul Howarth <paul@city-fan.org> - 0.41-4
- Fix LibYAML input sanitization errors (CVE-2014-2525)
- Fix heap-based buffer overflow when parsing YAML tags (CVE-2013-6393)

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1169369 - CVE-2014-9130 libyaml: assert failure when processing wrapped strings
      https://bugzilla.redhat.com/show_bug.cgi?id=1169369

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update perl-YAML-LibYAML' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------
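
The failure described under "Update Information" is an assert() inside the C library, so it aborts the whole Perl process and cannot be trapped with eval. The following is an added example, not part of the Fedora advisory or of the YAML-LibYAML distribution: it parses untrusted YAML in a forked child and treats a SIGABRT exit as rejected input. The helper name load_yaml_isolated and the sample document are assumptions made for illustration.

```perl
use strict;
use warnings;
use POSIX qw(SIGABRT _exit);
use JSON::PP ();
use YAML::XS ();

# Hypothetical helper: returns ($data, undef) on success, (undef, $reason) otherwise.
sub load_yaml_isolated {
    my ($yaml) = @_;
    my $json = JSON::PP->new->utf8->allow_nonref;
    pipe(my $reader, my $writer) or return (undef, "pipe failed: $!");
    my $pid = fork();
    return (undef, "fork failed: $!") unless defined $pid;

    if ($pid == 0) {    # child: the only process that calls into libyaml
        close $reader;
        my $ok = eval {
            my @docs = YAML::XS::Load($yaml);
            # JSON::PP refuses blessed objects, so only plain data crosses the pipe.
            print {$writer} $json->encode($docs[0]);
            close $writer or die "write failed: $!";
            1;
        };
        _exit($ok ? 0 : 2);    # 2 = ordinary, Perl-level parse or encode error
    }

    close $writer;      # parent: read to EOF first, then reap the child
    my $payload = do { local $/; <$reader> };
    close $reader;
    waitpid($pid, 0);
    my $status = $?;

    if (my $sig = $status & 127) {    # low 7 bits: terminating signal
        return (undef, $sig == SIGABRT()
            ? "parser aborted (SIGABRT); input rejected"
            : "parser killed by signal $sig");
    }
    return (undef, "YAML parse error") if $status >> 8;
    return ($json->decode($payload), undef);
}

# Constructed, benign sample input.
my ($doc, $err) = load_yaml_isolated("name: perl-YAML-LibYAML\nversion: '0.54'\n");
print defined $err ? "rejected: $err\n" : "parsed: name=$doc->{name}\n";
```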