1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2870-1] libyaml-libyaml-perl security update

    From Salvatore Bonaccorso@1:229/2 to All on Sat Mar 8 14:00:03 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2870-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso
    March 08, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libyaml-libyaml-perl
    Vulnerability : heap-based buffer overflow
    CVE ID : CVE-2013-6393

    Florian Weimer of the Red Hat Product Security Team discovered a
    heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and
    emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml,
    would cause the application to crash or, potentially, execute arbitrary
    code with the privileges of the user running the application.

    This update corrects this flaw in the copy that is embedded in the libyaml-libyaml-perl package.

    For the oldstable distribution (squeeze), this problem has been fixed in version 0.33-1+squeeze2.

    For the stable distribution (wheezy), this problem has been fixed in
    version 0.38-3+deb7u1.

    For the testing distribution (jessie), this problem has been fixed in
    version 0.41-4.

    For the unstable distribution (sid), this problem has been fixed in
    version 0.41-4.

    We recommend that you upgrade your libyaml-libyaml-perl packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJTGxHlAAoJEAVMuPMTQ89EbtQQAKD9QG9kNJTuFl0P777wSyAR gQzzFjOGPP+p9Q3OWewXK2Xfk6fb6eBRk2vI3TZ63XD3KPPebhfMvRGHILp1jscI hab6pHbp2Bs6PcX+ahEUfVhnv+7J+RxNEjjl5RWMIznUCM6G5tX4xjAbaKTnAUSZ cbGHc3agtNXxQLGdW1eLedIZjWqVtkPQ3q7UbGl8dXbP8s1XWc0N+LJZDskFYfUT /99qX122gFOpNPI9YGuosa+I5J0LWCJz/+qN00wx5K5uipsV52wgR4Kq+xMLV545 A1sPTpNiNkOrIvXQiWLP6JrLV39gb0G09dBCn6veCmhiagBvkSY5A8/wWphiG9k1 OKpwqYp1rFxWEpCgImU3TqiZutIM/yKopJPa+Lz4ZAb6yI62411hati7f6gqdYk1 GU3cJsPMQQ4Xz7Uj0po2gZ76UNo5skYsdOdunQv3foWDVoRNkHB1BbTsrQFBUD3u zbih3vhLmK01lvgNYDTyhJodtCfRJumMn6o0zaWBEYOVpD7GzwABxECyDwSe626D bs8QXWPuK5DaJ/XkntmswRkeJ3NBsGVwaZUszmTPCLLX/XEPDQls1yuYnPCUvo/4 +hNTlkEwpzW1x1G1Kpd7m2j7KsS6xpAgnt90B0RHPrTtS63xEGIgk3Z5301yxzcE OjzJ2ZxxdRIEU6fMgC0W
    =fvig
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)