Advisories » MGASA-2018-0471

Updated yaml-cpp packages fix security vulnerability

Publication date: 28 Nov 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-5950

Description

The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++)
0.5.1 allows remote attackers to cause a denial of service (stack
consumption and application crash) via a crafted YAML file.
(CVE-2017-5950)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23695
• https://bugzilla.novell.com/show_bug.cgi?id=CVE-2017-5950
• https://github.com/jbeder/yaml-cpp/pull/489
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5950

SRPMS

6/core

• yaml-cpp-0.5.1-6.1.mga6