Mageia Advisory: MGASA-2014-0508 - Updated yaml & perl-YAML-LibYAML packages fix CVE-2014-9130

Updated yaml & perl-YAML-LibYAML packages fix CVE-2014-9130

Publication date: 05 Dec 2014
Modification date: 05 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9130

Description

Updated yaml and perl-YAML-LibYAML packages fix security vulnerability:

An assertion failure was found in the way the libyaml library parsed wrapped
strings. An attacker able to load specially crafted YAML input into an
application using libyaml could cause the application to crash
(CVE-2014-9130).

The perl-YAML-LibYAML package is also affected, as it was derived from the
same code.  Both have been patched to fix this issue.

References

https://bugs.mageia.org/show_bug.cgi?id=14689
https://bugzilla.redhat.com/show_bug.cgi?id=1169369
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130

SRPMS

4/core

yaml-0.1.6-1.1.mga4
perl-YAML-LibYAML-0.410.0-2.3.mga4

Advisories » MGASA-2014-0508

Updated yaml & perl-YAML-LibYAML packages fix CVE-2014-9130

Description

References

SRPMS

4/core