|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0040 (yaml)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2014-0040: Updated yaml packages fix CVE-2013-6393 


Date:
    	      Sat, 8 Feb 2014 20:11:29 +0100


Message-ID:
    	      <20140208191129.796CE5C47B@valstar.mageia.org>


MGASA-2014-0040 - Updated yaml packages fix CVE-2013-6393

Publication date: 08 Feb 2014
URL: http://advisories.mageia.org/MGASA-2014-0040.html
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2013-6393

Description:
Updated libyaml packages fix security vulnerabilities:

Florian Weimer of the Red Hat Product Security Team discovered a heap-based
buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library.
A remote attacker could provide a YAML document with a specially-crafted tag
that, when parsed by an application using libyaml, would cause the application
to crash or, potentially, execute arbitrary code with the privileges of the
user running the application (CVE-2013-6393).

References:
- http://www.debian.org/security/2014/dsa-2850
- https://bugs.mageia.org/show_bug.cgi?id=12583
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6393

SRPMS:
- 4/core/yaml-0.1.5-1.mga4
- 3/core/yaml-0.1.5-1.mga3
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds