User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0040 (yaml)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2014-0040: Updated yaml packages fix CVE-2013-6393
Date:  Sat, 8 Feb 2014 20:11:29 +0100
Message-ID:  <20140208191129.796CE5C47B@valstar.mageia.org>

MGASA-2014-0040 - Updated yaml packages fix CVE-2013-6393 Publication date: 08 Feb 2014 URL: http://advisories.mageia.org/MGASA-2014-0040.html Type: security Affected Mageia releases: 3, 4 CVE: CVE-2013-6393 Description: Updated libyaml packages fix security vulnerabilities: Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2013-6393). References: - http://www.debian.org/security/2014/dsa-2850 - https://bugs.mageia.org/show_bug.cgi?id=12583 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6393 SRPMS: - 4/core/yaml-0.1.5-1.mga4 - 3/core/yaml-0.1.5-1.mga3


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds