ID OPENVAS:1361412562310882111 Type openvas Reporter Copyright (C) 2015 Greenbone Networks GmbH Modified 2017-07-10T00:00:00
Description
Check the version of libyaml
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for libyaml CESA-2015:0100 centos6
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.882111");
script_version("$Revision: 6657 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $");
script_tag(name:"creation_date", value:"2015-01-29 05:14:47 +0100 (Thu, 29 Jan 2015)");
script_cve_id("CVE-2014-9130");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_name("CentOS Update for libyaml CESA-2015:0100 centos6 ");
script_tag(name: "summary", value: "Check the version of libyaml");
script_tag(name: "vuldetect", value: "Get the installed version with the help of detect NVT and check if the version is vulnerable or not.");
script_tag(name: "insight", value: "YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
An assertion failure was found in the way the libyaml library parsed
wrapped strings. An attacker able to load specially crafted YAML input into
an application using libyaml could cause the application to crash.
(CVE-2014-9130)
All libyaml users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
linked against the libyaml library must be restarted for this update to
take effect.
");
script_tag(name: "affected", value: "libyaml on CentOS 6");
script_tag(name: "solution", value: "Please Install the Updated Packages.");
script_xref(name: "CESA", value: "2015:0100");
script_xref(name: "URL" , value: "http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "CentOS6")
{
if ((res = isrpmvuln(pkg:"libyaml", rpm:"libyaml~0.1.3~4.el6_6", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libyaml-devel", rpm:"libyaml-devel~0.1.3~4.el6_6", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:1361412562310882111", "bulletinFamily": "scanner", "title": "CentOS Update for libyaml CESA-2015:0100 centos6 ", "description": "Check the version of libyaml", "published": "2015-01-29T00:00:00", "modified": "2017-07-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882111", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html", "2015:0100"], "cvelist": ["CVE-2014-9130"], "type": "openvas", "lastseen": "2018-09-01T23:50:45", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Check the version of libyaml", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "3b50e49215d4398a79ea7c34b07477c1fe334d8b0ddc5a63e97ae2ef3330c2c0", "hashmap": [{"hash": "f3454ec03be77e072e667d6775658982", "key": "references"}, {"hash": "079461c242086ed7da57819d7dcd9599", "key": "sourceData"}, {"hash": "c87ad62cd93f06fc2abb1a93f2333b86", "key": "title"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "3d8d634cf2d0899c0d90aff4e213fae6", "key": "published"}, {"hash": "aff203d75a2b331ff1c78e8247d5430e", "key": "description"}, {"hash": "68f3b2a0bcfcd8a99bc2ac8a087f51ca", "key": "href"}, {"hash": "cc171bd0dbd89ba081b539913af77f15", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "d631eeaaf1ec0346de745c0af8b22e85", "key": "pluginID"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882111", "id": "OPENVAS:1361412562310882111", "lastseen": "2017-07-25T10:52:47", "modified": "2017-07-10T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310882111", "published": "2015-01-29T00:00:00", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html", "2015:0100"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libyaml CESA-2015:0100 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882111\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-29 05:14:47 +0100 (Thu, 29 Jan 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for libyaml CESA-2015:0100 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of libyaml\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n\");\n script_tag(name: \"affected\", value: \"libyaml on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0100\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libyaml\", rpm:\"libyaml~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libyaml-devel\", rpm:\"libyaml-devel~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "title": "CentOS Update for libyaml CESA-2015:0100 centos6 ", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2017-07-25T10:52:47"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Check the version of libyaml", "edition": 2, "enchantments": {}, "hash": "3c7e5c50faf99c2169c30250b5f28b35100376731a0f36ca346d4442c8aead93", "hashmap": [{"hash": "a1fe564ded490f632a08f2ddd9b2c25e", "key": "sourceData"}, {"hash": "f3454ec03be77e072e667d6775658982", "key": "references"}, {"hash": "c87ad62cd93f06fc2abb1a93f2333b86", "key": "title"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "3d8d634cf2d0899c0d90aff4e213fae6", "key": "published"}, {"hash": "aff203d75a2b331ff1c78e8247d5430e", "key": "description"}, {"hash": "68f3b2a0bcfcd8a99bc2ac8a087f51ca", "key": "href"}, {"hash": "cc171bd0dbd89ba081b539913af77f15", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "d631eeaaf1ec0346de745c0af8b22e85", "key": "pluginID"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "e56ec8cb5c39a87184fdd02aa7a685e8", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882111", "id": "OPENVAS:1361412562310882111", "lastseen": "2017-07-07T10:51:34", "modified": "2017-06-22T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310882111", "published": "2015-01-29T00:00:00", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html", "2015:0100"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libyaml CESA-2015:0100 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882111\");\n script_version(\"$Revision: 6404 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-22 12:00:06 +0200 (Thu, 22 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-29 05:14:47 +0100 (Thu, 29 Jan 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for libyaml CESA-2015:0100 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of libyaml\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n\");\n script_tag(name: \"affected\", value: \"libyaml on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0100\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:centos:centos\", \"login/SSH/success\", \"ssh/login/release\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libyaml\", rpm:\"libyaml~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libyaml-devel\", rpm:\"libyaml-devel~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "title": "CentOS Update for libyaml CESA-2015:0100 centos6 ", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-07-07T10:51:34"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Check the version of libyaml", "edition": 1, "enchantments": {}, "hash": "70ddfa7d0a155e2f84474d72f4e4080d6706f50923d69d666324f4437d8dc943", "hashmap": [{"hash": "f3454ec03be77e072e667d6775658982", "key": "references"}, {"hash": "c87ad62cd93f06fc2abb1a93f2333b86", "key": "title"}, {"hash": "eda6b6cbd16377d59756673c52e7be00", "key": "modified"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "3d8d634cf2d0899c0d90aff4e213fae6", "key": "published"}, {"hash": "aff203d75a2b331ff1c78e8247d5430e", "key": "description"}, {"hash": "68f3b2a0bcfcd8a99bc2ac8a087f51ca", "key": "href"}, {"hash": "cc171bd0dbd89ba081b539913af77f15", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "2102ed89384876a1a3fe87189f672fc9", "key": "sourceData"}, {"hash": "d631eeaaf1ec0346de745c0af8b22e85", "key": "pluginID"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882111", "id": "OPENVAS:1361412562310882111", "lastseen": "2017-07-02T21:11:47", "modified": "2016-05-17T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310882111", "published": "2015-01-29T00:00:00", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html", "2015:0100"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libyaml CESA-2015:0100 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882111\");\n script_version(\"$Revision: 3327 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-05-17 10:03:06 +0200 (Tue, 17 May 2016) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-29 05:14:47 +0100 (Thu, 29 Jan 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for libyaml CESA-2015:0100 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of libyaml\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n\");\n script_tag(name: \"affected\", value: \"libyaml on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0100\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html\");\n script_summary(\"Check for the Version of libyaml\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:centos:centos\", \"login/SSH/success\", \"ssh/login/release\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libyaml\", rpm:\"libyaml~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libyaml-devel\", rpm:\"libyaml-devel~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "title": "CentOS Update for libyaml CESA-2015:0100 centos6 ", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:11:47"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Check the version of libyaml", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "795c3a44454a871ba195225bf781c3fa303ff74f97780bfefc18ec019f2ea116", "hashmap": [{"hash": "f3454ec03be77e072e667d6775658982", "key": "references"}, {"hash": "079461c242086ed7da57819d7dcd9599", "key": "sourceData"}, {"hash": "c87ad62cd93f06fc2abb1a93f2333b86", "key": "title"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "3d8d634cf2d0899c0d90aff4e213fae6", "key": "published"}, {"hash": "aff203d75a2b331ff1c78e8247d5430e", "key": "description"}, {"hash": "68f3b2a0bcfcd8a99bc2ac8a087f51ca", "key": "href"}, {"hash": "cc171bd0dbd89ba081b539913af77f15", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "d631eeaaf1ec0346de745c0af8b22e85", "key": "pluginID"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882111", "id": "OPENVAS:1361412562310882111", "lastseen": "2018-08-30T19:22:16", "modified": "2017-07-10T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310882111", "published": "2015-01-29T00:00:00", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html", "2015:0100"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libyaml CESA-2015:0100 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882111\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-29 05:14:47 +0100 (Thu, 29 Jan 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for libyaml CESA-2015:0100 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of libyaml\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n\");\n script_tag(name: \"affected\", value: \"libyaml on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0100\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libyaml\", rpm:\"libyaml~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libyaml-devel\", rpm:\"libyaml-devel~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "title": "CentOS Update for libyaml CESA-2015:0100 centos6 ", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:22:16"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "cc171bd0dbd89ba081b539913af77f15"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "aff203d75a2b331ff1c78e8247d5430e"}, {"key": "href", "hash": "68f3b2a0bcfcd8a99bc2ac8a087f51ca"}, {"key": "modified", "hash": "0d134bf170d66438eb1e01173ee0187f"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "d631eeaaf1ec0346de745c0af8b22e85"}, {"key": "published", "hash": "3d8d634cf2d0899c0d90aff4e213fae6"}, {"key": "references", "hash": "f3454ec03be77e072e667d6775658982"}, {"key": "reporter", "hash": "1e898993712db5cf9f9a110102684025"}, {"key": "sourceData", "hash": "079461c242086ed7da57819d7dcd9599"}, {"key": "title", "hash": "c87ad62cd93f06fc2abb1a93f2333b86"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "3b50e49215d4398a79ea7c34b07477c1fe334d8b0ddc5a63e97ae2ef3330c2c0", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libyaml CESA-2015:0100 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882111\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-29 05:14:47 +0100 (Thu, 29 Jan 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for libyaml CESA-2015:0100 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of libyaml\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n\");\n script_tag(name: \"affected\", value: \"libyaml on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0100\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libyaml\", rpm:\"libyaml~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libyaml-devel\", rpm:\"libyaml-devel~0.1.3~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "naslFamily": "CentOS Local Security Checks", "pluginID": "1361412562310882111"}
{"cve": [{"lastseen": "2017-12-09T11:24:54", "references": ["http://www.openwall.com/lists/oss-security/2014/11/28/1", "http://www.ubuntu.com/usn/USN-2461-2", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060", "http://rhn.redhat.com/errata/RHSA-2015-0100.html", "http://www.openwall.com/lists/oss-security/2014/11/28/8", "http://www.ubuntu.com/usn/USN-2461-1", "http://www.ubuntu.com/usn/USN-2461-3", "http://secunia.com/advisories/62164", "http://secunia.com/advisories/62174", "http://www.mandriva.com/security/advisories?name=MDVSA-2014:242", "http://www.debian.org/security/2014/dsa-3102", "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html", "http://www.openwall.com/lists/oss-security/2014/11/29/3", "http://www.securityfocus.com/bid/71349", "http://advisories.mageia.org/MGASA-2014-0508.html", "https://puppet.com/security/cve/cve-2014-9130", "http://linux.oracle.com/errata/ELSA-2015-0100.html", "http://www.debian.org/security/2014/dsa-3103", "http://secunia.com/advisories/62176", "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure", "http://rhn.redhat.com/errata/RHSA-2015-0260.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/99047", "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2", "http://rhn.redhat.com/errata/RHSA-2015-0112.html", "http://www.debian.org/security/2014/dsa-3115", "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"], "edition": 4, "description": "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.", "reporter": "NVD", "published": "2014-12-08T11:59:04", "title": "CVE-2014-9130", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-9130"], "scanner": [], "cpe": ["cpe:/a:pyyaml:libyaml:0.1.6", "cpe:/a:pyyaml:libyaml:0.1.5"], "modified": "2017-12-08T21:29:03", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9130", "id": "CVE-2014-9130", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cloudfoundry": [{"lastseen": "2018-12-10T23:35:00", "references": [], "description": "CVE-2014-9130: LibYAML vulnerability\n\n# \n\nMedium\n\n# Vendor\n\nLibYAML\n\n# Versions Affected\n\n * Cloud Foundry Ruby Buildpack versions prior to 1.6.25\n\n# Description\n\nStanis\u0142aw Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * Upgrade the Ruby Buildpack to v1.6.25 [[1](<https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.25>)] or later and restage all applications that use automated buildpack detection\n\n# Credit\n\nStanis\u0142aw Pitucha and Jonathan Gray\n\n# References\n\n * [1] <https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.25>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130>\n", "edition": 23, "reporter": "Cloud Foundry", "published": "2016-09-21T00:00:00", "title": "CVE-2014-9130: LibYAML vulnerability | Cloud Foundry", "type": "cloudfoundry", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2018-15754", "CVE-2014-9130"], "modified": "2016-09-21T00:00:00", "id": "CFOUNDRY:E16D8E988420765C16BC608B63004B3D", "href": "https://www.cloudfoundry.org/blog/cve-2014-9130/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:49:53", "references": ["2014-16073", "https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146025.html"], "pluginID": "1361412562310868828", "description": "Check the version of libyaml", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-01-05T00:00:00", "title": "Fedora Update for libyaml FEDORA-2014-16073", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310868828", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868828", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libyaml FEDORA-2014-16073\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868828\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:56:54 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for libyaml FEDORA-2014-16073\");\n script_tag(name: \"summary\", value: \"Check the version of libyaml\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and\nemitter written in C.\n\");\n script_tag(name: \"affected\", value: \"libyaml on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-16073\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146025.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"libyaml\", rpm:\"libyaml~0.1.6~6.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:05", "references": ["2015-5618", "https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155033.html"], "pluginID": "1361412562310869497", "description": "Check the version of PyYAML", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-07T00:00:00", "title": "Fedora Update for PyYAML FEDORA-2015-5618", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869497", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869497", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for PyYAML FEDORA-2015-5618\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869497\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:20:15 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for PyYAML FEDORA-2015-5618\");\n script_tag(name: \"summary\", value: \"Check the version of PyYAML\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. PyYAML is a YAML parser and\nemitter for Python.\n\nPyYAML features a complete YAML 1.1 parser, Unicode support, pickle\nsupport, capable extension API, and sensible error messages. PyYAML\nsupports standard YAML tags and provides Python-specific tags that\nallow to represent an arbitrary Python object.\n\nPyYAML is applicable for a broad range of tasks from complex\nconfiguration files to object serialization and persistence.\n\");\n script_tag(name: \"affected\", value: \"PyYAML on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-5618\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155033.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"PyYAML\", rpm:\"PyYAML~3.11~7.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:48:36", "references": ["http://www.debian.org/security/2014/dsa-3102.html"], "pluginID": "703102", "description": "Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-12-13T00:00:00", "title": "Debian Security Advisory DSA 3102-1 (libyaml - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703102", "id": "OPENVAS:703102", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3102.nasl 6692 2017-07-12 09:57:43Z teissa $\n# Auto-generated from advisory DSA 3102-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703102);\n script_version(\"$Revision: 6692 $\");\n script_cve_id(\"CVE-2014-9130\");\n script_name(\"Debian Security Advisory DSA 3102-1 (libyaml - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-12 11:57:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-13 00:00:00 +0100 (Sat, 13 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3102.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libyaml on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 0.1.4-2+deb7u5.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 0.1.6-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.1.6-3.\n\nWe recommend that you upgrade your libyaml packages.\");\n script_tag(name: \"summary\", value: \"Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libyaml-0-2\", ver:\"0.1.4-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libyaml-0-2-dbg\", ver:\"0.1.4-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libyaml-dev\", ver:\"0.1.4-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:48:40", "references": ["http://www.debian.org/security/2014/dsa-3103.html"], "pluginID": "703103", "description": "Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.\n\nThis update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-12-13T00:00:00", "title": "Debian Security Advisory DSA 3103-1 (libyaml-libyaml-perl - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703103", "id": "OPENVAS:703103", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3103.nasl 6692 2017-07-12 09:57:43Z teissa $\n# Auto-generated from advisory DSA 3103-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703103);\n script_version(\"$Revision: 6692 $\");\n script_cve_id(\"CVE-2014-9130\");\n script_name(\"Debian Security Advisory DSA 3103-1 (libyaml-libyaml-perl - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-12 11:57:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-13 00:00:00 +0100 (Sat, 13 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3103.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libyaml-libyaml-perl on Debian Linux\");\n script_tag(name: \"insight\", value: \"YAML::LibYAML (or YAML::XS) is a Perl\ninterface to Kirill Siminov's libyaml library, a YAML Ain't Markup Language (YAML)\nimplementation written in C to support the YAML 1.1 specification. The provided\nDump and Load routines are compatible with the Perl YAML module\n(see libyaml-perl).\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 0.38-3+deb7u3.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 0.41-6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.41-6.\n\nWe recommend that you upgrade your libyaml-libyaml-perl packages.\");\n script_tag(name: \"summary\", value: \"Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.\n\nThis update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libyaml-libyaml-perl\", ver:\"0.38-3+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:41", "references": ["2015-4642", "https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154277.html"], "pluginID": "1361412562310869165", "description": "Check the version of PyYAML", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-06T00:00:00", "title": "Fedora Update for PyYAML FEDORA-2015-4642", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869165", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869165", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for PyYAML FEDORA-2015-4642\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869165\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-06 07:12:30 +0200 (Mon, 06 Apr 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for PyYAML FEDORA-2015-4642\");\n script_tag(name: \"summary\", value: \"Check the version of PyYAML\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"YAML is a data serialization format\ndesigned for human readability and interaction with scripting languages.\nPyYAML is a YAML parser and emitter for Python.\n\nPyYAML features a complete YAML 1.1 parser, Unicode support, pickle support,\ncapable extension API, and sensible error messages. PyYAML supports standard\nYAML tags and provides Python-specific tags that allow to represent an arbitrary\nPython object.\n\nPyYAML is applicable for a broad range of tasks from complex configuration files\nto object serialization and persistence.\n\");\n script_tag(name: \"affected\", value: \"PyYAML on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-4642\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154277.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"PyYAML\", rpm:\"PyYAML~3.11~7.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:55", "references": ["http://www.debian.org/security/2014/dsa-3102.html"], "pluginID": "1361412562310703102", "description": "Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-12-13T00:00:00", "title": "Debian Security Advisory DSA 3102-1 (libyaml - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703102", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703102", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3102.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 3102-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703102\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-9130\");\n script_name(\"Debian Security Advisory DSA 3102-1 (libyaml - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-13 00:00:00 +0100 (Sat, 13 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3102.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libyaml on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 0.1.4-2+deb7u5.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 0.1.6-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.1.6-3.\n\nWe recommend that you upgrade your libyaml packages.\");\n script_tag(name: \"summary\", value: \"Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libyaml-0-2\", ver:\"0.1.4-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libyaml-0-2-dbg\", ver:\"0.1.4-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libyaml-dev\", ver:\"0.1.4-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:02:48", "references": ["2461-3", "http://www.ubuntu.com/usn/usn-2461-3/"], "pluginID": "1361412562310842047", "description": "The remote host is missing an update for the ", "edition": 8, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-01-23T00:00:00", "title": "Ubuntu Update for pyyaml USN-2461-3", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310842047", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842047", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for pyyaml USN-2461-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842047\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:58:05 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Ubuntu Update for pyyaml USN-2461-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pyyaml'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Stanisł aw Pitucha and Jonathan Gray\ndiscovered that PyYAML did not properly handle wrapped strings. An attacker could\ncreate specially crafted YAML data to trigger an assert, causing a denial of\nservice.\");\n script_tag(name:\"affected\", value:\"pyyaml on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2461-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2461-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-yaml\", ver:\"3.11-1ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-yaml\", ver:\"3.11-1ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-yaml\", ver:\"3.10-4ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-yaml\", ver:\"3.10-4ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-yaml\", ver:\"3.10-2ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-yaml\", ver:\"3.10-2ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:30", "references": ["http://www.debian.org/security/2014/dsa-3115.html"], "pluginID": "703115", "description": "Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in Python-YAML,\na YAML parser and emitter for Python. An attacker able to load specially crafted\nYAML input into an application using python-yaml could cause the application to\ncrash.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-12-29T00:00:00", "title": "Debian Security Advisory DSA 3115-1 (pyyaml - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703115", "id": "OPENVAS:703115", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3115.nasl 6637 2017-07-10 09:58:13Z teissa $\n# Auto-generated from advisory DSA 3115-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703115);\n script_version(\"$Revision: 6637 $\");\n script_cve_id(\"CVE-2014-9130\");\n script_name(\"Debian Security Advisory DSA 3115-1 (pyyaml - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-10 11:58:13 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-29 00:00:00 +0100 (Mon, 29 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3115.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"pyyaml on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 3.10-4+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 3.11-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.11-2.\n\nWe recommend that you upgrade your pyyaml packages.\");\n script_tag(name: \"summary\", value: \"Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in Python-YAML,\na YAML parser and emitter for Python. An attacker able to load specially crafted\nYAML input into an application using python-yaml could cause the application to\ncrash.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"python-yaml\", ver:\"3.10-4+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-yaml-dbg\", ver:\"3.10-4+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-yaml\", ver:\"3.10-4+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-yaml-dbg\", ver:\"3.10-4+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:59", "references": ["http://www.debian.org/security/2014/dsa-3103.html"], "pluginID": "1361412562310703103", "description": "Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.\n\nThis update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-12-13T00:00:00", "title": "Debian Security Advisory DSA 3103-1 (libyaml-libyaml-perl - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703103", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703103", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3103.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 3103-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703103\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-9130\");\n script_name(\"Debian Security Advisory DSA 3103-1 (libyaml-libyaml-perl - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-13 00:00:00 +0100 (Sat, 13 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3103.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libyaml-libyaml-perl on Debian Linux\");\n script_tag(name: \"insight\", value: \"YAML::LibYAML (or YAML::XS) is a Perl\ninterface to Kirill Siminov's libyaml library, a YAML Ain't Markup Language (YAML)\nimplementation written in C to support the YAML 1.1 specification. The provided\nDump and Load routines are compatible with the Perl YAML module\n(see libyaml-perl).\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 0.38-3+deb7u3.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 0.41-6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.41-6.\n\nWe recommend that you upgrade your libyaml-libyaml-perl packages.\");\n script_tag(name: \"summary\", value: \"Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.\n\nThis update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libyaml-libyaml-perl\", ver:\"0.38-3+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:33", "references": ["http://www.debian.org/security/2014/dsa-3115.html"], "pluginID": "1361412562310703115", "description": "Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in Python-YAML,\na YAML parser and emitter for Python. An attacker able to load specially crafted\nYAML input into an application using python-yaml could cause the application to\ncrash.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-12-29T00:00:00", "title": "Debian Security Advisory DSA 3115-1 (pyyaml - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703115", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3115.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 3115-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703115\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-9130\");\n script_name(\"Debian Security Advisory DSA 3115-1 (pyyaml - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-29 00:00:00 +0100 (Mon, 29 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3115.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"pyyaml on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 3.10-4+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 3.11-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.11-2.\n\nWe recommend that you upgrade your pyyaml packages.\");\n script_tag(name: \"summary\", value: \"Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in Python-YAML,\na YAML parser and emitter for Python. An attacker able to load specially crafted\nYAML input into an application using python-yaml could cause the application to\ncrash.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"python-yaml\", ver:\"3.10-4+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-yaml-dbg\", ver:\"3.10-4+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-yaml\", ver:\"3.10-4+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-yaml-dbg\", ver:\"3.10-4+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:51:56", "references": ["https://alas.aws.amazon.com/ALAS-2015-482.html"], "pluginID": "81328", "description": "An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.", "edition": 5, "reporter": "Tenable", "published": "2015-02-13T00:00:00", "title": "Amazon Linux AMI : perl-YAML-LibYAML (ALAS-2015-482)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:perl-YAML-LibYAML-debuginfo", "p-cpe:/a:amazon:linux:perl-YAML-LibYAML", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-482.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81328", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-482.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81328);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_xref(name:\"ALAS\", value:\"2015-482\");\n\n script_name(english:\"Amazon Linux AMI : perl-YAML-LibYAML (ALAS-2015-482)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to\ncrash.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-482.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update perl-YAML-LibYAML' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-YAML-LibYAML\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-YAML-LibYAML-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"perl-YAML-LibYAML-0.59-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-YAML-LibYAML-debuginfo-0.59-1.16.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-YAML-LibYAML / perl-YAML-LibYAML-debuginfo\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:39:55", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1204829", "http://www.nessus.org/u?56f353f6"], "pluginID": "82605", "description": "Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-04-07T00:00:00", "title": "Fedora 21 : PyYAML-3.11-7.fc21 (2015-4642)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2015-10-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:PyYAML"], "id": "FEDORA_2015-4642.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82605", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4642.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82605);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:18 $\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_xref(name:\"FEDORA\", value:\"2015-4642\");\n\n script_name(english:\"Fedora 21 : PyYAML-3.11-7.fc21 (2015-4642)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1204829\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154277.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56f353f6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected PyYAML package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:PyYAML\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"PyYAML-3.11-7.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PyYAML\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:10:06", "references": ["https://alas.aws.amazon.com/ALAS-2015-481.html"], "pluginID": "81327", "description": "An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. (CVE-2014-9130)", "edition": 5, "reporter": "Tenable", "published": "2015-02-13T00:00:00", "title": "Amazon Linux AMI : libyaml (ALAS-2015-481)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libyaml-devel", "p-cpe:/a:amazon:linux:libyaml", "p-cpe:/a:amazon:linux:libyaml-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-481.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81327", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-481.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81327);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_xref(name:\"ALAS\", value:\"2015-481\");\n script_xref(name:\"RHSA\", value:\"2015:0100\");\n\n script_name(english:\"Amazon Linux AMI : libyaml (ALAS-2015-481)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to\ncrash. (CVE-2014-9130)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-481.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update libyaml' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libyaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libyaml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libyaml-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"libyaml-0.1.6-6.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libyaml-debuginfo-0.1.6-6.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libyaml-devel-0.1.6-6.7.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libyaml / libyaml-debuginfo / libyaml-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-02T15:25:06", "references": ["https://usn.ubuntu.com/2461-3/"], "pluginID": "80474", "description": "Stanislaw Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2015-01-13T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : pyyaml vulnerability (USN-2461-3)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python-yaml", "cpe:/o:canonical:ubuntu_linux:14.10", "p-cpe:/a:canonical:ubuntu_linux:python3-yaml", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2461-3.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80474", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2461-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80474);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_bugtraq_id(71349);\n script_xref(name:\"USN\", value:\"2461-3\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : pyyaml vulnerability (USN-2461-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stanislaw Pitucha and Jonathan Gray discovered that PyYAML did not\nproperly handle wrapped strings. An attacker could create specially\ncrafted YAML data to trigger an assert, causing a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2461-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-yaml and / or python3-yaml packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-yaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-yaml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python-yaml\", pkgver:\"3.10-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python3-yaml\", pkgver:\"3.10-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python-yaml\", pkgver:\"3.10-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3-yaml\", pkgver:\"3.10-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python-yaml\", pkgver:\"3.11-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python3-yaml\", pkgver:\"3.11-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-yaml / python3-yaml\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:05:20", "references": ["https://lists.debian.org/debian-lts-announce/2015/01/msg00000.html", "https://packages.debian.org/source/squeeze-lts/pyyaml"], "pluginID": "82110", "description": "Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2015-03-26T00:00:00", "title": "Debian DLA-127-1 : pyyaml security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2018-07-06T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:python-yaml", "p-cpe:/a:debian:debian_linux:python3-yaml-dbg", "p-cpe:/a:debian:debian_linux:python-yaml-dbg", "p-cpe:/a:debian:debian_linux:python3-yaml"], "id": "DEBIAN_DLA-127.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82110", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-127-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82110);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_bugtraq_id(71349);\n\n script_name(english:\"Debian DLA-127-1 : pyyaml security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in Python-YAML, a YAML parser and\nemitter for Python. An attacker able to load specially crafted YAML\ninput into an application using python-yaml could cause the\napplication to crash.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/01/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/pyyaml\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-yaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-yaml-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-yaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-yaml-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"python-yaml\", reference:\"3.09-5+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-yaml-dbg\", reference:\"3.09-5+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python3-yaml\", reference:\"3.09-5+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python3-yaml-dbg\", reference:\"3.09-5+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:46:13", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1169369", "http://www.nessus.org/u?7ab626bd"], "pluginID": "79928", "description": "An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2014-12-15T00:00:00", "title": "Fedora 20 : perl-YAML-LibYAML-0.54-1.fc20 (2014-16266)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:perl-YAML-LibYAML", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-16266.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79928", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16266.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79928);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:30 $\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_xref(name:\"FEDORA\", value:\"2014-16266\");\n\n script_name(english:\"Fedora 20 : perl-YAML-LibYAML-0.54-1.fc20 (2014-16266)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to\ncrash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1169369\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146122.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ab626bd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-YAML-LibYAML package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-YAML-LibYAML\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"perl-YAML-LibYAML-0.54-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-YAML-LibYAML\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:10:46", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1169369", "http://www.nessus.org/u?fbdcd472"], "pluginID": "79913", "description": "Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2014-12-15T00:00:00", "title": "Fedora 19 : libyaml-0.1.6-2.fc19 (2014-16130)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libyaml", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-16130.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79913", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16130.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79913);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:29 $\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_xref(name:\"FEDORA\", value:\"2014-16130\");\n\n script_name(english:\"Fedora 19 : libyaml-0.1.6-2.fc19 (2014-16130)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1169369\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146084.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fbdcd472\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libyaml package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libyaml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"libyaml-0.1.6-2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libyaml\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-02T15:39:19", "references": ["https://usn.ubuntu.com/2461-2/"], "pluginID": "80473", "description": "Stanislaw Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2015-01-13T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : libyaml-libyaml-perl vulnerability (USN-2461-2)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2018-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:14.10", "p-cpe:/a:canonical:ubuntu_linux:libyaml-libyaml-perl", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2461-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80473", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2461-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80473);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_bugtraq_id(71349);\n script_xref(name:\"USN\", value:\"2461-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : libyaml-libyaml-perl vulnerability (USN-2461-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stanislaw Pitucha and Jonathan Gray discovered that\nlibyaml-libyaml-perl did not properly handle wrapped strings. An\nattacker could create specially crafted YAML data to trigger an\nassert, causing a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2461-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libyaml-libyaml-perl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libyaml-libyaml-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libyaml-libyaml-perl\", pkgver:\"0.38-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libyaml-libyaml-perl\", pkgver:\"0.41-5ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libyaml-libyaml-perl\", pkgver:\"0.41-5ubuntu0.14.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libyaml-libyaml-perl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:32:52", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1169369", "http://www.nessus.org/u?85678868"], "pluginID": "79914", "description": "Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2014-12-15T00:00:00", "title": "Fedora 20 : libyaml-0.1.6-2.fc20 (2014-16132)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libyaml", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-16132.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79914", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16132.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79914);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:29 $\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_xref(name:\"FEDORA\", value:\"2014-16132\");\n\n script_name(english:\"Fedora 20 : libyaml-0.1.6-2.fc20 (2014-16132)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1169369\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146130.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?85678868\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libyaml package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libyaml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"libyaml-0.1.6-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libyaml\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:46:07", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1204829", "http://www.nessus.org/u?7c75b2e2"], "pluginID": "82964", "description": "Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-04-22T00:00:00", "title": "Fedora 22 : PyYAML-3.11-7.fc22 (2015-5618)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:PyYAML", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-5618.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82964", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-5618.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82964);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:51 $\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_xref(name:\"FEDORA\", value:\"2015-5618\");\n\n script_name(english:\"Fedora 22 : PyYAML-3.11-7.fc22 (2015-5618)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1204829\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155033.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c75b2e2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected PyYAML package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:PyYAML\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"PyYAML-3.11-7.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PyYAML\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "hackerone": [{"lastseen": "2018-07-24T18:40:13", "references": [], "bounty": 0.0, "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/007/724/36e273f967b252ae8b4051d09ffc08f7de16d7d5_small.png?1449271894", "medium": "https://profile-photos.hackerone-user-content.com/000/007/724/0c1556227f51c9b2b13ada11ccd2fb02cc9fa257_medium.png?1449271894"}, "handle": "ruby", "url": "https://hackerone.com/ruby"}, "bountyState": "resolved", "description": "libYAML 0.1.6 (and 0.1.5) has a DoS vulnerablitity known as [CVE-2014-9130](http://www.cvedetails.com/cve/CVE-2014-9130/).\nNow Ruby 2.4.x bundles fixed version 0.1.7, but 2.3.x and 2.2.x still bundle 0.1.6.\n\nNote that I'm the maintainer of Ruby 2.3.x and 2.2.x.\nTherefore, this report is a kind of remainder.", "edition": 4, "reporter": "usa", "published": "2017-06-02T14:29:02", "title": "Ruby: Ruby 2.3.x and 2.2.x still bundle DoS vulnerable verision of libYAML", "type": "hackerone", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "h1reporter": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/084/616/761254e8d466874225347224ac8e27babe80ea86_small.png?1532440230"}, "hacker_mediation": false, "disabled": false, "is_me?": false, "hackerone_triager": false, "url": "/usa", "username": "usa"}, "bulletinFamily": "bugbounty", "cvelist": ["CVE-2014-9130"], "modified": "2017-10-25T13:58:30", "id": "H1:235842", "href": "https://hackerone.com/reports/235842", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2018-10-16T22:15:07", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "0.1.3-1+deb6u5", "arch": "all", "packageFilename": "libyaml-0-2_0.1.3-1+deb6u5_all.deb", "packageName": "libyaml-0-2", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "0.1.3-1+deb6u5", "arch": "all", "packageFilename": "libyaml-dev_0.1.3-1+deb6u5_all.deb", "packageName": "libyaml-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "0.1.3-1+deb6u5", "arch": "all", "packageFilename": "libyaml_0.1.3-1+deb6u5_all.deb", "packageName": "libyaml", "operator": "lt"}], "description": "Package : libyaml\nVersion : 0.1.3-1+deb6u5\nCVE ID : CVE-2014-9130\nDebian Bug : 771366\n\nJonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\nemitter library. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to crash.\n\n", "edition": 1, "reporter": "Debian", "published": "2014-12-14T14:00:28", "title": "[SECURITY] [DLA 110-1] libyaml security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:15:07", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "modified": "2014-12-14T14:00:28", "id": "DEBIAN:DLA-110-1:AFE46", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201412/msg00012.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:00", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "0.38-3+deb7u3", "arch": "all", "packageFilename": "libyaml-libyaml-perl_0.38-3+deb7u3_all.deb", "packageName": "libyaml-libyaml-perl", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3103-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nDecember 13, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libyaml-libyaml-perl\nCVE ID : CVE-2014-9130\nDebian Bug : 771365\n\nJonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\nemitter library. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to crash.\n\nThis update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.38-3+deb7u3.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 0.41-6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.41-6.\n\nWe recommend that you upgrade your libyaml-libyaml-perl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2014-12-13T16:34:25", "title": "[SECURITY] [DSA 3103-1] libyaml-libyaml-perl security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:00", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "modified": "2014-12-13T16:34:25", "id": "DEBIAN:DSA-3103-1:F01D7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00293.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:50:19", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "3.10-4+deb7u1", "arch": "all", "packageFilename": "pyyaml_3.10-4+deb7u1_all.deb", "packageName": "pyyaml", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3115-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nDecember 29, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : pyyaml\nCVE ID : CVE-2014-9130\nDebian Bug : 772815\n\nJonathan Gray and Stanislaw Pitucha found an assertion failure in the \nway wrapped strings are parsed in Python-YAML, a YAML parser and emitter \nfor Python. An attacker able to load specially crafted YAML input into an\napplication using python-yaml could cause the application to crash.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 3.10-4+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 3.11-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.11-2.\n\nWe recommend that you upgrade your pyyaml packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2014-12-29T21:34:56", "title": "[SECURITY] [DSA 3115-1] pyyaml security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:50:19", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "modified": "2014-12-29T21:34:56", "id": "DEBIAN:DSA-3115-1:AC152", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00306.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:13:29", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "0.33-1+squeeze4", "arch": "all", "packageFilename": "libyaml-libyaml-perl_0.33-1+squeeze4_all.deb", "packageName": "libyaml-libyaml-perl", "operator": "lt"}], "description": "Package : libyaml-libyaml-perl\nVersion : 0.33-1+squeeze4\nCVE ID : CVE-2014-9130\nDebian Bug : 771365\n\nJonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\nemitter library. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to crash.\n\nThis update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.\n", "edition": 1, "reporter": "Debian", "published": "2014-12-14T14:00:37", "title": "[SECURITY] [DLA 109-1] libyaml-libyaml-perl security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:29", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "modified": "2014-12-14T14:00:37", "id": "DEBIAN:DLA-109-1:B53DC", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201412/msg00013.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:48:46", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "0.1.4-2+deb7u5", "arch": "all", "packageFilename": "libyaml_0.1.4-2+deb7u5_all.deb", "packageName": "libyaml", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3102-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nDecember 13, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libyaml\nCVE ID : CVE-2014-9130\nDebian Bug : 771366\n\nJonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\nemitter library. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to crash.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.1.4-2+deb7u5.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 0.1.6-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.1.6-3.\n\nWe recommend that you upgrade your libyaml packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2014-12-13T16:34:07", "title": "[SECURITY] [DSA 3102-1] libyaml security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:48:46", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "modified": "2014-12-13T16:34:07", "id": "DEBIAN:DSA-3102-1:AA5CC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00292.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:12:51", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "3.09-5+deb6u1", "arch": "all", "packageFilename": "python-yaml_3.09-5+deb6u1_all.deb", "packageName": "python-yaml", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.09-5+deb6u1", "arch": "all", "packageFilename": "python-yaml-dbg_3.09-5+deb6u1_all.deb", "packageName": "python-yaml-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.09-5+deb6u1", "arch": "all", "packageFilename": "python3-yaml-dbg_3.09-5+deb6u1_all.deb", "packageName": "python3-yaml-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.09-5+deb6u1", "arch": "all", "packageFilename": "pyyaml_3.09-5+deb6u1_all.deb", "packageName": "pyyaml", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.09-5+deb6u1", "arch": "all", "packageFilename": "python3-yaml_3.09-5+deb6u1_all.deb", "packageName": "python3-yaml", "operator": "lt"}], "description": "Package : pyyaml\nVersion : 3.09-5+deb6u1\nCVE ID : CVE-2014-9130\nDebian Bug : 772815\n\nJonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in Python-YAML, a YAML parser and emitter\nfor Python. An attacker able to load specially crafted YAML input into an\napplication using python-yaml could cause the application to crash.\n", "edition": 1, "reporter": "Debian", "published": "2015-01-03T18:15:39", "title": "[SECURITY] [DLA 127-1] pyyaml security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:12:51", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "modified": "2015-01-03T18:15:39", "id": "DEBIAN:DLA-127-1:05C33", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201501/msg00000.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:46:35", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.1.4-11.el7_0", "arch": "src", "packageFilename": "libyaml-0.1.4-11.el7_0.src.rpm", "packageName": "libyaml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.1.4-11.el7_0", "arch": "x86_64", "packageFilename": "libyaml-0.1.4-11.el7_0.x86_64.rpm", "packageName": "libyaml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.1.4-11.el7_0", "arch": "x86_64", "packageFilename": "libyaml-devel-0.1.4-11.el7_0.x86_64.rpm", "packageName": "libyaml-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "x86_64", "packageFilename": "libyaml-0.1.3-4.el6_6.x86_64.rpm", "packageName": "libyaml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "x86_64", "packageFilename": "libyaml-devel-0.1.3-4.el6_6.x86_64.rpm", "packageName": "libyaml-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "src", "packageFilename": "libyaml-0.1.3-4.el6_6.src.rpm", "packageName": "libyaml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "src", "packageFilename": "libyaml-0.1.3-4.el6_6.src.rpm", "packageName": "libyaml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "i686", "packageFilename": "libyaml-devel-0.1.3-4.el6_6.i686.rpm", "packageName": "libyaml-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "i686", "packageFilename": "libyaml-devel-0.1.3-4.el6_6.i686.rpm", "packageName": "libyaml-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.1.4-11.el7_0", "arch": "i686", "packageFilename": "libyaml-0.1.4-11.el7_0.i686.rpm", "packageName": "libyaml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "i686", "packageFilename": "libyaml-0.1.3-4.el6_6.i686.rpm", "packageName": "libyaml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "i686", "packageFilename": "libyaml-0.1.3-4.el6_6.i686.rpm", "packageName": "libyaml", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.1.4-11.el7_0", "arch": "i686", "packageFilename": "libyaml-devel-0.1.4-11.el7_0.i686.rpm", "packageName": "libyaml-devel", "operator": "lt"}], "description": "[0.1.3-4]\n- Add patch for CVE-2014-9130 (RHBZ#1169369)", "edition": 3, "reporter": "Oracle", "published": "2015-01-28T00:00:00", "title": "libyaml security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "modified": "2015-01-28T00:00:00", "id": "ELSA-2015-0100", "href": "http://linux.oracle.com/errata/ELSA-2015-0100.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:18", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.59-1.16.amzn1", "arch": "i686", "packageFilename": "perl-YAML-LibYAML-debuginfo-0.59-1.16.amzn1.i686.rpm", "packageName": "perl-YAML-LibYAML-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.59-1.16.amzn1", "arch": "i686", "packageFilename": "perl-YAML-LibYAML-0.59-1.16.amzn1.i686.rpm", "packageName": "perl-YAML-LibYAML", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.59-1.16.amzn1", "arch": "src", "packageFilename": "perl-YAML-LibYAML-0.59-1.16.amzn1.src.rpm", "packageName": "perl-YAML-LibYAML", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.59-1.16.amzn1", "arch": "x86_64", "packageFilename": "perl-YAML-LibYAML-0.59-1.16.amzn1.x86_64.rpm", "packageName": "perl-YAML-LibYAML", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.59-1.16.amzn1", "arch": "x86_64", "packageFilename": "perl-YAML-LibYAML-debuginfo-0.59-1.16.amzn1.x86_64.rpm", "packageName": "perl-YAML-LibYAML-debuginfo", "operator": "lt"}], "description": "**Issue Overview:**\n\nAn assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.\n\n \n**Affected Packages:** \n\n\nperl-YAML-LibYAML\n\n \n**Issue Correction:** \nRun _yum update perl-YAML-LibYAML_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n perl-YAML-LibYAML-0.59-1.16.amzn1.i686 \n perl-YAML-LibYAML-debuginfo-0.59-1.16.amzn1.i686 \n \n src: \n perl-YAML-LibYAML-0.59-1.16.amzn1.src \n \n x86_64: \n perl-YAML-LibYAML-debuginfo-0.59-1.16.amzn1.x86_64 \n perl-YAML-LibYAML-0.59-1.16.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2015-02-11T19:54:00", "title": "Medium: perl-YAML-LibYAML", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:18", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "modified": "2015-02-11T19:54:00", "id": "ALAS-2015-482", "href": "https://alas.aws.amazon.com/ALAS-2015-482.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-02T16:55:05", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0100.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.1.6-6.7.amzn1", "arch": "x86_64", "packageFilename": "libyaml-debuginfo-0.1.6-6.7.amzn1.x86_64.rpm", "packageName": "libyaml-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.1.6-6.7.amzn1", "arch": "x86_64", "packageFilename": "libyaml-0.1.6-6.7.amzn1.x86_64.rpm", "packageName": "libyaml", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.1.6-6.7.amzn1", "arch": "i686", "packageFilename": "libyaml-debuginfo-0.1.6-6.7.amzn1.i686.rpm", "packageName": "libyaml-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.1.6-6.7.amzn1", "arch": "i686", "packageFilename": "libyaml-devel-0.1.6-6.7.amzn1.i686.rpm", "packageName": "libyaml-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.1.6-6.7.amzn1", "arch": "x86_64", "packageFilename": "libyaml-devel-0.1.6-6.7.amzn1.x86_64.rpm", "packageName": "libyaml-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.1.6-6.7.amzn1", "arch": "i686", "packageFilename": "libyaml-0.1.6-6.7.amzn1.i686.rpm", "packageName": "libyaml", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.1.6-6.7.amzn1", "arch": "src", "packageFilename": "libyaml-0.1.6-6.7.amzn1.src.rpm", "packageName": "libyaml", "operator": "lt"}], "description": "**Issue Overview:**\n\nAn assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. ([CVE-2014-9130 __](<https://access.redhat.com/security/cve/CVE-2014-9130>))\n\n \n**Affected Packages:** \n\n\nlibyaml\n\n \n**Issue Correction:** \nRun _yum update libyaml_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libyaml-devel-0.1.6-6.7.amzn1.i686 \n libyaml-debuginfo-0.1.6-6.7.amzn1.i686 \n libyaml-0.1.6-6.7.amzn1.i686 \n \n src: \n libyaml-0.1.6-6.7.amzn1.src \n \n x86_64: \n libyaml-0.1.6-6.7.amzn1.x86_64 \n libyaml-devel-0.1.6-6.7.amzn1.x86_64 \n libyaml-debuginfo-0.1.6-6.7.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2015-02-11T19:50:00", "title": "Medium: libyaml", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:05", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "modified": "2015-02-11T19:50:00", "id": "ALAS-2015-481", "href": "https://alas.aws.amazon.com/ALAS-2015-481.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:08", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9130", "https://usn.ubuntu.com/usn/usn-2461-1"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "3.11-1ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python3-yaml", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.10-2ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python-yaml", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.10-2ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python3-yaml", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.10-4ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python-yaml", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.10-4ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python3-yaml", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "3.11-1ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python-yaml", "operator": "lt"}], "description": "Stanis\u00c5\u201aaw Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.", "edition": 3, "reporter": "Ubuntu", "published": "2015-01-12T00:00:00", "title": "PyYAML vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "modified": "2015-01-12T00:00:00", "id": "USN-2461-3", "href": "https://usn.ubuntu.com/2461-3/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:08:13", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9130", "https://usn.ubuntu.com/usn/usn-2461-1"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "0.38-2ubuntu0.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libyaml-libyaml-perl", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "0.41-5ubuntu0.14.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libyaml-libyaml-perl", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "0.41-5ubuntu0.14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libyaml-libyaml-perl", "operator": "lt"}], "description": "Stanis\u00c5\u201aaw Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.", "edition": 3, "reporter": "Ubuntu", "published": "2015-01-12T00:00:00", "title": "libyaml-libyaml-perl vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "modified": "2015-01-12T00:00:00", "id": "USN-2461-2", "href": "https://usn.ubuntu.com/2461-2/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:10:01", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9130"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "0.1.4-3ubuntu3.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libyaml-0-2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "0.1.4-2ubuntu0.12.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libyaml-0-2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "0.1.6-1ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libyaml-0-2", "operator": "lt"}], "description": "Stanis\u00c5\u201aaw Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.", "edition": 3, "reporter": "Ubuntu", "published": "2015-01-12T00:00:00", "title": "LibYAML vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "modified": "2015-01-12T00:00:00", "id": "USN-2461-1", "href": "https://usn.ubuntu.com/2461-1/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:56", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3102-1 security@debian.org\r\nhttp://www.debian.org/security/ Salvatore Bonaccorso\r\nDecember 13, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : libyaml\r\nCVE ID : CVE-2014-9130\r\nDebian Bug : 771366\r\n\r\nJonathan Gray and Stanislaw Pitucha found an assertion failure in the\r\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\r\nemitter library. An attacker able to load specially crafted YAML input\r\ninto an application using libyaml could cause the application to crash.\r\n\r\nFor the stable distribution (wheezy), this problem has been fixed in\r\nversion 0.1.4-2+deb7u5.\r\n\r\nFor the upcoming stable distribution (jessie), this problem has been\r\nfixed in version 0.1.6-3.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 0.1.6-3.\r\n\r\nWe recommend that you upgrade your libyaml packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBCgAGBQJUjGn5AAoJEAVMuPMTQ89ExH8P/2FcLa73V16IO4oAXORm7JE5\r\nQcaRDkwBTu9dE4tADR8rMifiUWWmqXe3S0mgO/3M3sdWU3lfRhQfNAVMKTcMKb+U\r\nZ4s4N4eJS7cU0eX8nHnODT0jffbIe/czRnNBhfmAQLprY2FhKfcJZ7JKLwQ6AHhI\r\nLcMIlPK/WOh4ekwftgRKBTn2/lu8gzYMYhxabxxWDK91ZW+AmJ6/x6xyueID0jVj\r\nFSJrfY7Hdpz18rJtOJy7DsUbs/izSGZGfLD5cGdqllN3ehzQi618L12BCB89JATH\r\nOGGeEAQEW0xLxailyb061R6fG8n8yWtI+5ywhFJZNrKKKrSOPKK8VVBO5xPsqYZP\r\nVklyrDIzu4Yn+q1PPiDC9yDo80IDi8Y4wV3q0ZC1rAc936y5ctSPkfa+di5Bb9Ut\r\ntYlHEPv5Cl5jS1JcZiGd6x9WnfsEvWufknPpLF5nn7U6wFoH55buLyEYSXSWopBg\r\n3vG+9MyKIucjjCfkZZ+NzZOvFGA3tNpZBbL6xxbN5mGrlqIRAnXllUpqkl5grT5/\r\n4FZr33dG8KY5E3/EZKZLogA8/WIKOPDBVoamC36pHQCT5ImsLelSXrjkF8H3zuXO\r\ny4Byy6442ZwtJB6s1SYfAnxxjvTdtXoAPR/t500clbD2NGVWbRe7b2dYRXMsI7e6\r\nD0k2GpaX349qlGgNTho+\r\n=bJHo\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2014-12-22T00:00:00", "title": "[SECURITY] [DSA 3102-1] libyaml security update", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:56", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-9130"], "modified": "2014-12-22T00:00:00", "id": "SECURITYVULNS:DOC:31539", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31539", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:58", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31539"], "description": "Assertion on strings parsing.", "edition": 1, "reporter": "BUGTRAQ", "published": "2014-12-22T00:00:00", "title": "libYAML DoS", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:58", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "LibYAML", "version": "0.1", "operator": "eq"}], "cvelist": ["CVE-2014-9130"], "modified": "2014-12-22T00:00:00", "id": "SECURITYVULNS:VULN:14168", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14168", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:43:19", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "src", "packageName": "libyaml", "packageFilename": "libyaml-0.1.3-4.el6_6.src.rpm", "operator": "lt"}], "description": "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.", "reporter": "RedHat", "published": "2015-02-23T17:46:35", "type": "redhat", "title": "(RHSA-2015:0260) Moderate: libyaml security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T02:47:54", "id": "RHSA-2015:0260", "href": "https://access.redhat.com/errata/RHSA-2015:0260", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:43:04", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "i686", "packageName": "libyaml-debuginfo", "packageFilename": "libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm", "operator": "lt"}], "description": "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n", "reporter": "RedHat", "published": "2015-01-28T05:00:00", "type": "redhat", "title": "(RHSA-2015:0100) Moderate: libyaml security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:23", "id": "RHSA-2015:0100", "href": "https://access.redhat.com/errata/RHSA-2015:0100", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-11T21:41:41", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "i686", "packageName": "libyaml-debuginfo", "packageFilename": "libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm", "operator": "lt"}], "description": "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n", "reporter": "RedHat", "published": "2015-02-02T05:00:00", "type": "redhat", "title": "(RHSA-2015:0112) Moderate: libyaml security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-13T01:28:20", "id": "RHSA-2015:0112", "href": "https://access.redhat.com/errata/RHSA-2015:0112", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:24:55", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0100.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "x86_64", "packageName": "libyaml", "packageFilename": "libyaml-0.1.3-4.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "x86_64", "packageName": "libyaml-devel", "packageFilename": "libyaml-devel-0.1.3-4.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "any", "packageName": "libyaml", "packageFilename": "libyaml-0.1.3-4.el6_6.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "i686", "packageName": "libyaml", "packageFilename": "libyaml-0.1.3-4.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "i686", "packageName": "libyaml", "packageFilename": "libyaml-0.1.3-4.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.1.4-11.el7_0", "arch": "any", "packageName": "libyaml", "packageFilename": "libyaml-0.1.4-11.el7_0.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.1.4-11.el7_0", "arch": "i686", "packageName": "libyaml-devel", "packageFilename": "libyaml-devel-0.1.4-11.el7_0.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.1.4-11.el7_0", "arch": "x86_64", "packageName": "libyaml-devel", "packageFilename": "libyaml-devel-0.1.4-11.el7_0.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.1.4-11.el7_0", "arch": "x86_64", "packageName": "libyaml", "packageFilename": "libyaml-0.1.4-11.el7_0.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "i686", "packageName": "libyaml-devel", "packageFilename": "libyaml-devel-0.1.3-4.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.1.3-4.el6_6", "arch": "i686", "packageName": "libyaml-devel", "packageFilename": "libyaml-devel-0.1.3-4.el6_6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.1.4-11.el7_0", "arch": "i686", "packageName": "libyaml", "packageFilename": "libyaml-0.1.4-11.el7_0.i686.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:0100\n\n\nYAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-January/020909.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-January/020917.html\n\n**Affected packages:**\nlibyaml\nlibyaml-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0100.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-01-28T22:40:28", "title": "libyaml security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "modified": "2015-01-30T00:21:21", "href": "http://lists.centos.org/pipermail/centos-announce/2015-January/020909.html", "id": "CESA-2015:0100", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}
