Advisories » MGASA-2014-0040

Updated yaml packages fix CVE-2013-6393

Publication date: 08 Feb 2014
Modification date: 08 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-6393

Description

Updated libyaml packages fix security vulnerabilities:

Florian Weimer of the Red Hat Product Security Team discovered a heap-based
buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library.
A remote attacker could provide a YAML document with a specially-crafted tag
that, when parsed by an application using libyaml, would cause the application
to crash or, potentially, execute arbitrary code with the privileges of the
user running the application (CVE-2013-6393).
                

References

• http://www.debian.org/security/2014/dsa-2850
• https://bugs.mageia.org/show_bug.cgi?id=12583
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6393

SRPMS

3/core

• yaml-0.1.5-1.mga3

4/core

• yaml-0.1.5-1.mga4