Advisories ยป MGASA-2014-0508

Updated yaml & perl-YAML-LibYAML packages fix CVE-2014-9130

Publication date: 05 Dec 2014
Modification date: 05 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9130

Description

Updated yaml and perl-YAML-LibYAML packages fix security vulnerability:

An assertion failure was found in the way the libyaml library parsed wrapped
strings. An attacker able to load specially crafted YAML input into an
application using libyaml could cause the application to crash
(CVE-2014-9130).

The perl-YAML-LibYAML package is also affected, as it was derived from the
same code.  Both have been patched to fix this issue.
                

References

SRPMS

4/core