Advisories » MGASA-2015-0004

Updated python-yaml packages fix security vulnerability

Publication date: 05 Jan 2015
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9130

Description

Updated python-yaml packages fix security vulnerability:

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way
wrapped strings are parsed in Python-YAML, a YAML parser and emitter for
Python. An attacker able to load specially crafted YAML input into an
application using python-yaml could cause the application to crash.

This issue is similar to CVE-2014-9130, but the assertion was independently
implemented in Python-YAML.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14917
• http://advisories.mageia.org/MGASA-2014-0508.html
• https://www.debian.org/security/2014/dsa-3115
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130

SRPMS

4/core

• python-yaml-3.10-5.1.mga4