CVE-2014-9130
Published: 8 December 2014
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
Notes
Author | Note |
---|---|
seth-arnold | pyyaml may receive its own CVE |
mdeslaur | perl PoC: http://www.openwall.com/lists/oss-security/2014/11/28/6 |
sbeattie | ruby1.9+ uses libyaml-0-2, so it's fixed when libyaml is fixed |
Priority
Status
Package | Release | Status |
---|---|---|
libyaml (Launchpad, Ubuntu, Debian) | lucid | Ignored (end of life) |
libyaml | precise | Released (0.1.4-2ubuntu0.12.04.4) |
libyaml | trusty | Released (0.1.4-3ubuntu3.1) |
libyaml | upstream | Released (0.1.6-3) |
libyaml | utopic | Released (0.1.6-1ubuntu0.1) |
libyaml | Patches: upstream | https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2 |
libyaml-libyaml-perl (Launchpad, Ubuntu, Debian) | lucid | Ignored (end of life) |
libyaml-libyaml-perl | precise | Released (0.38-2ubuntu0.2) |
libyaml-libyaml-perl | trusty | Released (0.41-5ubuntu0.14.04.1) |
libyaml-libyaml-perl | upstream | Released (0.41-6) |
libyaml-libyaml-perl | utopic | Released (0.41-5ubuntu0.14.10.1) |
pyyaml (Launchpad, Ubuntu, Debian) | lucid | Ignored (end of life) |
pyyaml | precise | Released (3.10-2ubuntu0.1) |
pyyaml | trusty | Released (3.10-4ubuntu0.1) |
pyyaml | upstream | Needed |
pyyaml | utopic | Released (3.11-1ubuntu0.1) |
pyyaml | Patches: upstream | https://bitbucket.org/xi/pyyaml/commits/ddf211a41bb231c365fece5599b7e484e6dc33fc |