drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in PyYAML
Name: |
Denial of Service in PyYAML |
|
ID: |
DSA-3115-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian wheezy |
|
Datum: |
Mo, 29. Dezember 2014, 23:35 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130 |
|
Applikationen: |
PyYAML |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3115-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff December 29, 2014 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : pyyaml CVE ID : CVE-2014-9130 Debian Bug : 772815
Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash.
For the stable distribution (wheezy), this problem has been fixed in version 3.10-4+deb7u1.
For the upcoming stable distribution (jessie), this problem has been fixed in version 3.11-2.
For the unstable distribution (sid), this problem has been fixed in version 3.11-2.
We recommend that you upgrade your pyyaml packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJUochoAAoJEBDCk7bDfE42uksP/iffDvE9L3Wm1DcVVgtWmzgK Piq6PdO3ztbcSW6av53E5MgVDixQgmyqPluWQOU0GGdcbWtpNBbWw7loyLjeu692 d0pVvxtmDQXWaXMcYTMxPnL6mub6HtIUSxeaymiOSeY7kAaV4HOntPQrivMrPM0n hlmtQsu6whSXP3BqaXffL9mGeIVfmknGnMOdkJq41nrSJIkjN/BN+jBca8BHhizA J0ntxYu0CZyLUTKyKWhTTmgxRPWTyyr/+s3a7Xrjn6+Wkj8SF7XP+2NLLLDshY/R tBSfuRmk+tx/249PTXhLEvQvS7mR+FouMfYHsAJjPtIqmxXk6BkRxI3W4I5felP+ ntAGX22o51SAIrm4fQDKlJW5wDowRu1iP7K8uQx2xWhGLo7w3QIreYU1J/ny6Xpe Ms57exgDHnYrmJs68bdAKRHTyZScr+4s/DapW/awBBLap3uhU3qjMfnyj4XDhC+u 5gkIcok8uBxvkS4Sh1zkykNJL8efEY0CeyzNiAMwkSG3qfC9EgSQFh7M8bNg6Iie 8gnGy4WpqecY2lpE5ZmAThlsFmoWhIhM6AVRqKqcSYI/2P4qs/mhxTeTqphh7+xe Fz3r2CNAQtF0T2wU66+BVFg+6IYUkyjHg/GdtGAfvR7UVdNN8fwlao8U+bTaEfD+ EQoTq8Ql4+hnEJR+Sk1r =Usft -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/20141229213430.GA7181@pisco.westfalen.local
|
|
|
|