Lucene search

Gentoo FoundationMGASA-2014-0150

HistoryApr 03, 2014 - 4:33 a.m.

Updated libyaml package fixes security vulnerability

2014-04-0304:33:14

Gentoo Foundation

advisories.mageia.org

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.731 High

EPSS

Percentile

98.1%

JSON

Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2014-2525).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchyaml< 0.1.6-1yaml-0.1.6-1.mga3
Mageia4noarchyaml< 0.1.6-1yaml-0.1.6-1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	yaml	< 0.1.6-1	yaml-0.1.6-1.mga3
Mageia	4	noarch	yaml	< 0.1.6-1	yaml-0.1.6-1.mga4

References

www.debian.org/security/2014/dsa-2884

bugs.mageia.org/show_bug.cgi?id=13101

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.731 High

EPSS

Percentile

98.1%

JSON

Related for MGASA-2014-0150