Debian Security Advisory DSA 3102-1 (libyaml - Security Update) Network Vulnerability

Summary

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.

Solution

For the stable distribution (wheezy), this problem has been fixed in version 0.1.4-2+deb7u5. For the upcoming stable distribution (jessie), this problem has been fixed in version 0.1.6-3. For the unstable distribution (sid), this problem has been fixed in version 0.1.6-3. We recommend that you upgrade your libyaml packages.

Affected

libyaml on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-3102.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-9130

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1093-1 (xine-ui)
Debian Security Advisory DSA 1023-1 (kaffeine)
Debian Security Advisory DSA 103-1 (glibc)
Debian Security Advisory DSA 1081-1 (libextractor)
Debian Security Advisory DSA 1155-2 (sendmail)

Debian Security Advisory DSA 3102-1 (libyaml - security update)

Take action and discover your vulnerabilities