Search...

CentOS Update for libyaml CESA-2015:0100 centos6

2015-01-29T00:00:00

ID OPENVAS:1361412562310882111
Type openvas
Reporter Copyright (C) 2015 Greenbone Networks GmbH
Modified 2017-07-10T00:00:00

Description

Check the version of libyaml

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for libyaml CESA-2015:0100 centos6 
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.882111");
  script_version("$Revision: 6657 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $");
  script_tag(name:"creation_date", value:"2015-01-29 05:14:47 +0100 (Thu, 29 Jan 2015)");
  script_cve_id("CVE-2014-9130");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_name("CentOS Update for libyaml CESA-2015:0100 centos6 ");
  script_tag(name: "summary", value: "Check the version of libyaml");
  script_tag(name: "vuldetect", value: "Get the installed version with the help of detect NVT and check if the version is vulnerable or not.");
  script_tag(name: "insight", value: "YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.

An assertion failure was found in the way the libyaml library parsed
wrapped strings. An attacker able to load specially crafted YAML input into
an application using libyaml could cause the application to crash.
(CVE-2014-9130)

All libyaml users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
linked against the libyaml library must be restarted for this update to
take effect.
");
  script_tag(name: "affected", value: "libyaml on CentOS 6");
  script_tag(name: "solution", value: "Please Install the Updated Packages.");
  script_xref(name: "CESA", value: "2015:0100");
  script_xref(name: "URL" , value: "http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html");
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "CentOS6")
{

  if ((res = isrpmvuln(pkg:"libyaml", rpm:"libyaml~0.1.3~4.el6_6", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libyaml-devel", rpm:"libyaml-devel~0.1.3~4.el6_6", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

JSON Vulners Source

Initial Source

{"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882111", "history": [{"lastseen": "2017-07-07T10:51:34", "differentElements": ["modified", "sourceData"], "edition": 2, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882111", "history": [], "naslFamily": "CentOS Local Security Checks", "id": "OPENVAS:1361412562310882111", "title": "CentOS Update for libyaml CESA-2015:0100 centos6 ", "description": "Check the version of libyaml", "published": "2015-01-29T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "sourceData", "hash": "a1fe564ded490f632a08f2ddd9b2c25e"}, {"key": "references", "hash": "f3454ec03be77e072e667d6775658982"}, {"key": "title", "hash": "c87ad62cd93f06fc2abb1a93f2333b86"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "published", "hash": "3d8d634cf2d0899c0d90aff4e213fae6"}, {"key": "description", "hash": "aff203d75a2b331ff1c78e8247d5430e"}, {"key": "href", "hash": "68f3b2a0bcfcd8a99bc2ac8a087f51ca"}, {"key": "cvelist", "hash": "cc171bd0dbd89ba081b539913af77f15"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "pluginID", "hash": "d631eeaaf1ec0346de745c0af8b22e85"}, {"key": "reporter", "hash": "1e898993712db5cf9f9a110102684025"}, {"key": "modified", "hash": "e56ec8cb5c39a87184fdd02aa7a685e8"}], "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libyaml CESA-2015:0100 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882111\");\n script_version(\"$Revision: 6404 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-22 12:00:06 +0200 (Thu, 22 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-29 05:14:47 +0100 (Thu, 29 Jan 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for libyaml CESA-2015:0100 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of libyaml\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n\");\n script_tag(name: \"affected\", value: \"libyaml on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0100\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:centos:centos\", \"login/SSH/success\", \"ssh/login/release\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libyaml\", rpm:\"libyaml~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libyaml-devel\", rpm:\"libyaml-devel~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "pluginID": "1361412562310882111", "hash": "3c7e5c50faf99c2169c30250b5f28b35100376731a0f36ca346d4442c8aead93", "modified": "2017-06-22T00:00:00", "edition": 2, "cvelist": ["CVE-2014-9130"], "lastseen": "2017-07-07T10:51:34", "viewCount": 0, "enchantments": {}, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "objectVersion": "1.3", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html", "2015:0100"]}}, {"lastseen": "2017-07-02T21:11:47", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882111", "history": [], "naslFamily": "CentOS Local Security Checks", "id": "OPENVAS:1361412562310882111", "title": "CentOS Update for libyaml CESA-2015:0100 centos6 ", "description": "Check the version of libyaml", "published": "2015-01-29T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "references", "hash": "f3454ec03be77e072e667d6775658982"}, {"key": "title", "hash": "c87ad62cd93f06fc2abb1a93f2333b86"}, {"key": "modified", "hash": "eda6b6cbd16377d59756673c52e7be00"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "published", "hash": "3d8d634cf2d0899c0d90aff4e213fae6"}, {"key": "description", "hash": "aff203d75a2b331ff1c78e8247d5430e"}, {"key": "href", "hash": "68f3b2a0bcfcd8a99bc2ac8a087f51ca"}, {"key": "cvelist", "hash": "cc171bd0dbd89ba081b539913af77f15"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "sourceData", "hash": "2102ed89384876a1a3fe87189f672fc9"}, {"key": "pluginID", "hash": "d631eeaaf1ec0346de745c0af8b22e85"}, {"key": "reporter", "hash": "1e898993712db5cf9f9a110102684025"}], "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libyaml CESA-2015:0100 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882111\");\n script_version(\"$Revision: 3327 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-05-17 10:03:06 +0200 (Tue, 17 May 2016) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-29 05:14:47 +0100 (Thu, 29 Jan 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for libyaml CESA-2015:0100 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of libyaml\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n\");\n script_tag(name: \"affected\", value: \"libyaml on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0100\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html\");\n script_summary(\"Check for the Version of libyaml\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:centos:centos\", \"login/SSH/success\", \"ssh/login/release\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libyaml\", rpm:\"libyaml~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libyaml-devel\", rpm:\"libyaml-devel~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "pluginID": "1361412562310882111", "hash": "70ddfa7d0a155e2f84474d72f4e4080d6706f50923d69d666324f4437d8dc943", "modified": "2016-05-17T00:00:00", "edition": 1, "cvelist": ["CVE-2014-9130"], "lastseen": "2017-07-02T21:11:47", "viewCount": 0, "enchantments": {}, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "objectVersion": "1.3", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html", "2015:0100"]}}], "naslFamily": "CentOS Local Security Checks", "id": "OPENVAS:1361412562310882111", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-01-29T00:00:00", "description": "Check the version of libyaml", "title": "CentOS Update for libyaml CESA-2015:0100 centos6 ", "bulletinFamily": "scanner", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libyaml CESA-2015:0100 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882111\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-29 05:14:47 +0100 (Thu, 29 Jan 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for libyaml CESA-2015:0100 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of libyaml\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n\");\n script_tag(name: \"affected\", value: \"libyaml on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0100\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libyaml\", rpm:\"libyaml~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libyaml-devel\", rpm:\"libyaml-devel~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "pluginID": "1361412562310882111", "hash": "3b50e49215d4398a79ea7c34b07477c1fe334d8b0ddc5a63e97ae2ef3330c2c0", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html", "2015:0100"], "edition": 3, "cvelist": ["CVE-2014-9130"], "lastseen": "2017-07-25T10:52:47", "viewCount": 0, "enchantments": {"vulnersScore": 5.0}, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "cc171bd0dbd89ba081b539913af77f15"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "aff203d75a2b331ff1c78e8247d5430e"}, {"key": "href", "hash": "68f3b2a0bcfcd8a99bc2ac8a087f51ca"}, {"key": "modified", "hash": "0d134bf170d66438eb1e01173ee0187f"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "d631eeaaf1ec0346de745c0af8b22e85"}, {"key": "published", "hash": "3d8d634cf2d0899c0d90aff4e213fae6"}, {"key": "references", "hash": "f3454ec03be77e072e667d6775658982"}, {"key": "reporter", "hash": "1e898993712db5cf9f9a110102684025"}, {"key": "sourceData", "hash": "079461c242086ed7da57819d7dcd9599"}, {"key": "title", "hash": "c87ad62cd93f06fc2abb1a93f2333b86"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "objectVersion": "1.3", "modified": "2017-07-10T00:00:00"}

{"result": {"cve": [{"id": "CVE-2014-9130", "type": "cve", "title": "CVE-2014-9130", "description": "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.", "published": "2014-12-08T11:59:04", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9130", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-12-09T11:24:54"}], "cloudfoundry": [{"id": "CFOUNDRY:E16D8E988420765C16BC608B63004B3D", "type": "cloudfoundry", "title": "CVE-2014-9130: LibYAML vulnerability - Cloud Foundry", "description": "CVE-2014-9130: LibYAML vulnerability\n\n# \n\nMedium\n\n# Vendor\n\nLibYAML\n\n# Versions Affected\n\n * Cloud Foundry Ruby Buildpack versions prior to 1.6.25\n\n# Description\n\nStanis\u0142aw Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * Upgrade the Ruby Buildpack to v1.6.25 [[1](<https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.25>)] or later and restage all applications that use automated buildpack detection\n\n# Credit\n\nStanis\u0142aw Pitucha and Jonathan Gray\n\n# References\n\n * [1] <https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.25>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130>\n", "published": "2016-09-21T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.cloudfoundry.org/blog/cve-2014-9130/", "cvelist": ["CVE-2014-9130"], "lastseen": "2018-01-12T14:52:49"}], "openvas": [{"id": "OPENVAS:1361412562310869165", "type": "openvas", "title": "Fedora Update for PyYAML FEDORA-2015-4642", "description": "Check the version of PyYAML", "published": "2015-04-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869165", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-07-25T10:53:50"}, {"id": "OPENVAS:1361412562310842047", "type": "openvas", "title": "Ubuntu Update for pyyaml USN-2461-3", "description": "Check the version of pyyaml", "published": "2015-01-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842047", "cvelist": ["CVE-2014-9130"], "lastseen": "2018-04-30T14:06:19"}, {"id": "OPENVAS:1361412562310703102", "type": "openvas", "title": "Debian Security Advisory DSA 3102-1 (libyaml - security update)", "description": "Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.", "published": "2014-12-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703102", "cvelist": ["CVE-2014-9130"], "lastseen": "2018-04-06T11:11:24"}, {"id": "OPENVAS:703102", "type": "openvas", "title": "Debian Security Advisory DSA 3102-1 (libyaml - security update)", "description": "Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.", "published": "2014-12-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703102", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-07-27T10:48:36"}, {"id": "OPENVAS:1361412562310868828", "type": "openvas", "title": "Fedora Update for libyaml FEDORA-2014-16073", "description": "Check the version of libyaml", "published": "2015-01-05T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868828", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-07-25T10:53:06"}, {"id": "OPENVAS:1361412562310869497", "type": "openvas", "title": "Fedora Update for PyYAML FEDORA-2015-5618", "description": "Check the version of PyYAML", "published": "2015-07-07T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869497", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-07-25T10:53:34"}, {"id": "OPENVAS:703103", "type": "openvas", "title": "Debian Security Advisory DSA 3103-1 (libyaml-libyaml-perl - security update)", "description": "Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.\n\nThis update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.", "published": "2014-12-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703103", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-07-27T10:48:40"}, {"id": "OPENVAS:703115", "type": "openvas", "title": "Debian Security Advisory DSA 3115-1 (pyyaml - security update)", "description": "Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in Python-YAML,\na YAML parser and emitter for Python. An attacker able to load specially crafted\nYAML input into an application using python-yaml could cause the application to\ncrash.", "published": "2014-12-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703115", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-07-25T10:48:30"}, {"id": "OPENVAS:1361412562310842052", "type": "openvas", "title": "Ubuntu Update for libyaml USN-2461-1", "description": "Check the version of libyaml", "published": "2015-01-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842052", "cvelist": ["CVE-2014-9130"], "lastseen": "2018-04-30T14:01:45"}, {"id": "OPENVAS:1361412562310842064", "type": "openvas", "title": "Ubuntu Update for libyaml-libyaml-perl USN-2461-2", "description": "Check the version of libyaml-libyaml-perl", "published": "2015-01-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842064", "cvelist": ["CVE-2014-9130"], "lastseen": "2018-04-30T14:03:10"}], "debian": [{"id": "DSA-3115", "type": "debian", "title": "pyyaml -- security update", "description": "Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash.\n\nFor the stable distribution (wheezy), this problem has been fixed in version 3.10-4+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem has been fixed in version 3.11-2.\n\nFor the unstable distribution (sid), this problem has been fixed in version 3.11-2.\n\nWe recommend that you upgrade your pyyaml packages.", "published": "2014-12-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-3115", "cvelist": ["CVE-2014-9130"], "lastseen": "2016-09-02T18:20:13"}, {"id": "DSA-3103", "type": "debian", "title": "libyaml-libyaml-perl -- security update", "description": "Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.\n\nThis update corrects this flaw in the copy that is embedded in the libyaml-libyaml-perl package.\n\nFor the stable distribution (wheezy), this problem has been fixed in version 0.38-3+deb7u3.\n\nFor the upcoming stable distribution (jessie), this problem has been fixed in version 0.41-6.\n\nFor the unstable distribution (sid), this problem has been fixed in version 0.41-6.\n\nWe recommend that you upgrade your libyaml-libyaml-perl packages.", "published": "2014-12-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-3103", "cvelist": ["CVE-2014-9130"], "lastseen": "2016-09-02T18:20:46"}, {"id": "DLA-127", "type": "debian", "title": "pyyaml -- LTS security update", "description": "Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash.\n\nFor Debian 6 Squeeze, these issues have been fixed in pyyaml version 3.09-5+deb6u1", "published": "2015-01-03T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/2015/dla-127", "cvelist": ["CVE-2014-9130"], "lastseen": "2016-09-02T12:56:51"}, {"id": "DSA-3102", "type": "debian", "title": "libyaml -- security update", "description": "Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.\n\nFor the stable distribution (wheezy), this problem has been fixed in version 0.1.4-2+deb7u5.\n\nFor the upcoming stable distribution (jessie), this problem has been fixed in version 0.1.6-3.\n\nFor the unstable distribution (sid), this problem has been fixed in version 0.1.6-3.\n\nWe recommend that you upgrade your libyaml packages.", "published": "2014-12-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-3102", "cvelist": ["CVE-2014-9130"], "lastseen": "2016-09-02T18:32:24"}, {"id": "DLA-110", "type": "debian", "title": "libyaml -- LTS security update", "description": "Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.\n\nFor Debian 6 Squeeze, these issues have been fixed in libyaml version 0.1.3-1+deb6u5", "published": "2014-12-14T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/2014/dla-110", "cvelist": ["CVE-2014-9130"], "lastseen": "2016-09-02T12:56:31"}, {"id": "DLA-109", "type": "debian", "title": "libyaml-libyaml-perl -- LTS security update", "description": "Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.\n\nThis update corrects this flaw in the copy that is embedded in the libyaml-libyaml-perl package.\n\nFor Debian 6 Squeeze, these issues have been fixed in libyaml-libyaml-perl version 0.33-1+squeeze4", "published": "2014-12-14T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/2014/dla-109", "cvelist": ["CVE-2014-9130"], "lastseen": "2016-09-02T12:56:39"}], "nessus": [{"id": "FEDORA_2014-16266.NASL", "type": "nessus", "title": "Fedora 20 : perl-YAML-LibYAML-0.54-1.fc20 (2014-16266)", "description": "An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-12-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79928", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-10-29T13:38:01"}, {"id": "UBUNTU_USN-2461-2.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : libyaml-libyaml-perl vulnerability (USN-2461-2)", "description": "Stanislaw Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-01-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80473", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-10-29T13:41:49"}, {"id": "DEBIAN_DLA-127.NASL", "type": "nessus", "title": "Debian DLA-127-1 : pyyaml security update", "description": "Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-03-26T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82110", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-10-29T13:44:07"}, {"id": "FEDORA_2014-16130.NASL", "type": "nessus", "title": "Fedora 19 : libyaml-0.1.6-2.fc19 (2014-16130)", "description": "Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-12-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79913", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-10-29T13:46:02"}, {"id": "ALA_ALAS-2015-481.NASL", "type": "nessus", "title": "Amazon Linux AMI : libyaml (ALAS-2015-481)", "description": "An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. (CVE-2014-9130)", "published": "2015-02-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81327", "cvelist": ["CVE-2014-9130"], "lastseen": "2018-04-19T08:13:43"}, {"id": "FEDORA_2015-4642.NASL", "type": "nessus", "title": "Fedora 21 : PyYAML-3.11-7.fc21 (2015-4642)", "description": "Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-04-07T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82605", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-10-29T13:36:00"}, {"id": "UBUNTU_USN-2461-3.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : pyyaml vulnerability (USN-2461-3)", "description": "Stanislaw Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-01-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80474", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-10-29T13:35:08"}, {"id": "ALA_ALAS-2015-482.NASL", "type": "nessus", "title": "Amazon Linux AMI : perl-YAML-LibYAML (ALAS-2015-482)", "description": "An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.", "published": "2015-02-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81328", "cvelist": ["CVE-2014-9130"], "lastseen": "2018-04-19T07:50:43"}, {"id": "FEDORA_2015-5618.NASL", "type": "nessus", "title": "Fedora 22 : PyYAML-3.11-7.fc22 (2015-5618)", "description": "Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-04-22T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82964", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-10-29T13:37:59"}, {"id": "DEBIAN_DSA-3115.NASL", "type": "nessus", "title": "Debian DSA-3115-1 : pyyaml - security update", "description": "Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash.", "published": "2014-12-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80286", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-10-29T13:37:15"}], "amazon": [{"id": "ALAS-2015-482", "type": "amazon", "title": "Medium: perl-YAML-LibYAML", "description": "**Issue Overview:**\n\nAn assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.\n\n \n**Affected Packages:** \n\n\nperl-YAML-LibYAML\n\n \n**Issue Correction:** \nRun _yum update perl-YAML-LibYAML_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n perl-YAML-LibYAML-0.59-1.16.amzn1.i686 \n perl-YAML-LibYAML-debuginfo-0.59-1.16.amzn1.i686 \n \n src: \n perl-YAML-LibYAML-0.59-1.16.amzn1.src \n \n x86_64: \n perl-YAML-LibYAML-debuginfo-0.59-1.16.amzn1.x86_64 \n perl-YAML-LibYAML-0.59-1.16.amzn1.x86_64 \n \n \n", "published": "2015-02-11T19:39:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-482.html", "cvelist": ["CVE-2014-9130"], "lastseen": "2016-09-28T21:04:07"}, {"id": "ALAS-2015-481", "type": "amazon", "title": "Medium: libyaml", "description": "**Issue Overview:**\n\nAn assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. ([CVE-2014-9130 __](<https://access.redhat.com/security/cve/CVE-2014-9130>))\n\n \n**Affected Packages:** \n\n\nlibyaml\n\n \n**Issue Correction:** \nRun _yum update libyaml_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n libyaml-devel-0.1.6-6.7.amzn1.i686 \n libyaml-debuginfo-0.1.6-6.7.amzn1.i686 \n libyaml-0.1.6-6.7.amzn1.i686 \n \n src: \n libyaml-0.1.6-6.7.amzn1.src \n \n x86_64: \n libyaml-0.1.6-6.7.amzn1.x86_64 \n libyaml-devel-0.1.6-6.7.amzn1.x86_64 \n libyaml-debuginfo-0.1.6-6.7.amzn1.x86_64 \n \n \n", "published": "2015-02-11T19:38:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-481.html", "cvelist": ["CVE-2014-9130"], "lastseen": "2016-09-28T21:04:02"}], "oraclelinux": [{"id": "ELSA-2015-0100", "type": "oraclelinux", "title": "libyaml security update", "description": "[0.1.3-4]\n- Add patch for CVE-2014-9130 (RHBZ#1169369)", "published": "2015-01-28T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-0100.html", "cvelist": ["CVE-2014-9130"], "lastseen": "2016-09-04T11:16:08"}], "hackerone": [{"id": "H1:235842", "type": "hackerone", "title": "Ruby: Ruby 2.3.x and 2.2.x still bundle DoS vulnerable verision of libYAML", "description": "libYAML 0.1.6 (and 0.1.5) has a DoS vulnerablitity known as [CVE-2014-9130](http://www.cvedetails.com/cve/CVE-2014-9130/).\nNow Ruby 2.4.x bundles fixed version 0.1.7, but 2.3.x and 2.2.x still bundle 0.1.6.\n\nNote that I'm the maintainer of Ruby 2.3.x and 2.2.x.\nTherefore, this report is a kind of remainder.", "published": "2017-06-02T14:29:02", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/235842", "cvelist": ["CVE-2014-9130"], "lastseen": "2018-04-19T17:34:11"}], "ubuntu": [{"id": "USN-2461-2", "type": "ubuntu", "title": "libyaml-libyaml-perl vulnerability", "description": "Stanis\u00c5\u201aaw Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.", "published": "2015-01-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2461-2/", "cvelist": ["CVE-2014-9130"], "lastseen": "2018-03-29T18:19:46"}, {"id": "USN-2461-3", "type": "ubuntu", "title": "PyYAML vulnerability", "description": "Stanis\u00c5\u201aaw Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.", "published": "2015-01-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2461-3/", "cvelist": ["CVE-2014-9130"], "lastseen": "2018-03-29T18:18:43"}, {"id": "USN-2461-1", "type": "ubuntu", "title": "LibYAML vulnerability", "description": "Stanis\u00c5\u201aaw Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.", "published": "2015-01-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2461-1/", "cvelist": ["CVE-2014-9130"], "lastseen": "2018-03-29T18:18:10"}], "centos": [{"id": "CESA-2015:0100", "type": "centos", "title": "libyaml security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:0100\n\n\nYAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-January/020909.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-January/020917.html\n\n**Affected packages:**\nlibyaml\nlibyaml-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0100.html", "published": "2015-01-28T22:40:28", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html", "cvelist": ["CVE-2014-9130"], "lastseen": "2017-10-03T18:24:55"}], "redhat": [{"id": "RHSA-2015:0112", "type": "redhat", "title": "(RHSA-2015:0112) Moderate: libyaml security update", "description": "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n", "published": "2015-02-02T05:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0112", "cvelist": ["CVE-2014-9130"], "lastseen": "2018-06-16T00:38:34"}, {"id": "RHSA-2015:0100", "type": "redhat", "title": "(RHSA-2015:0100) Moderate: libyaml security update", "description": "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n", "published": "2015-01-28T05:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0100", "cvelist": ["CVE-2014-9130"], "lastseen": "2018-06-06T18:05:47"}, {"id": "RHSA-2015:0260", "type": "redhat", "title": "(RHSA-2015:0260) Moderate: libyaml security update", "description": "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.", "published": "2015-02-23T17:46:35", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0260", "cvelist": ["CVE-2014-9130"], "lastseen": "2018-06-06T23:50:48"}]}}