Sicherheit: Denial of Service in LibYAML

Lesezeichen hinzufügen

--===============2559837918587184558==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="gj572EiMnwbLXET9"
Content-Disposition: inline

--gj572EiMnwbLXET9
Content-Type: text/plain; charset=utf-8
Content-Disposition: inlin
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2461-1
January 12, 2015

libyaml vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Applications using LibYAML could be made to crash if they received
specially crafted input.

Software Description:
- libyaml: Fast YAML 1.1 parser and emitter library

Details:

StanisÅaw Pitucha and Jonathan Gray discovered that LibYAML did not
properly handle wrapped strings. An attacker could create specially
crafted YAML data to trigger an assert, causing a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
libyaml-0-2 0.1.6-1ubuntu0.1

Ubuntu 14.04 LTS:
libyaml-0-2 0.1.4-3ubuntu3.1

Ubuntu 12.04 LTS:
libyaml-0-2 0.1.4-2ubuntu0.12.04.4

After a standard system update you need to restart applications using
LibYAML to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2461-1
CVE-2014-9130

Package Information:
https://launchpad.net/ubuntu/+source/libyaml/0.1.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libyaml/0.1.4-3ubuntu3.1
https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.12.04.4

--gj572EiMnwbLXET9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUtEpIAAoJEC8Jno0AXoH0tdkQALSatZE9HZNd7Cxb8heGXhhG
mOOLkMAbyytBY/tVH7yGhEupDv34EsSTHbiU3aANkJ8js18Z52UWNcBfs9Wns8hN
D+naQlQR+h0LKmGZEv1yZop8i/MUqhK9nImpg1Avm7vbhdPz7b2DLsJkuCSZbvPq
e1Mot7RR3iQzINnzi9Vlu3eq+QupRhf1jk1c8X5PvCw95k95E44mJmMUiOSJn3rw
tvpriblWO1E81qrc6ctLppYB/STbWQo2Zkl4cXK/dsiJMTY8fYPa5/e76w375qB2
wFR9a5xJlP/Psn0FZKNUJogTvtSLSc1gOiWJTcfx1ovmFgDnRu7ZpCzx006Y0D8o
JlYtR9MThw2RoybkJqEykYv+7p6NEq4hdM6h/DZpcpZQGZj2mURj1NGKakAOZOaM
GVTnkbeQ/e3MUDjVaMfRbP2iVxqK7i5Un3iAp/4Uy7sdhmG7FHS4Borw4Amu5NpK
2gQBU1sdDf/pnXLQ5u7VWp2B4c3Uyj6nJ/TI7FGKbUGMW2b96VKsmxgSjfqFjePf
DPEbXthAq7dsYN13GCS0kNUuGMVydv2ZaJ0mWnSZ5u+mwG2meWp4DodOzzrUF2Hm
G38NWeGv32hxlJxbut6j2FWtV5qbs6LgMYLlfidbkpmUkgBxEma293GYxlPRDnQB
Qc4D5DBkycRWTT2sYj9E
=HBJe
-----END PGP SIGNATURE-----

--gj572EiMnwbLXET9--

--===============2559837918587184558==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============2559837918587184558==--