Debian Security Advisory DSA 3115-1 (pyyaml - Security Update) Network Vulnerability

Summary

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash.

Solution

For the stable distribution (wheezy), this problem has been fixed in version 3.10-4+deb7u1. For the upcoming stable distribution (jessie), this problem has been fixed in version 3.11-2. For the unstable distribution (sid), this problem has been fixed in version 3.11-2. We recommend that you upgrade your pyyaml packages.

Affected

pyyaml on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-3115.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-9130

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1147-1 (drupal)
Debian Security Advisory DSA 004-1 (nano)
Debian Security Advisory DSA 1100-1 (wv2)
Debian Security Advisory DSA 1058-1 (awstats)
Debian Security Advisory DSA 1061-1 (popfile)

Debian Security Advisory DSA 3115-1 (pyyaml - security update)

Take action and discover your vulnerabilities