ID OPENVAS:703102 Type openvas Reporter Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net Modified 2017-07-12T00:00:00
Description
Jonathan Gray and Stanislaw Pitucha
found an assertion failure in the way wrapped strings are parsed in LibYAML,
a fast YAML 1.1 parser and emitter library. An attacker able to load specially
crafted YAML input into an application using libyaml could cause the application
to crash.
# OpenVAS Vulnerability Test
# $Id: deb_3102.nasl 6692 2017-07-12 09:57:43Z teissa $
# Auto-generated from advisory DSA 3102-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Registration section. When `description` is true, only the metadata calls
# below run and the script leaves through exit(0) before any package check.
if (description) {
  # Identity of the check and the CVE it reports on.
  script_id(703102);
  script_version("$Revision: 6692 $");
  script_cve_id("CVE-2014-9130");
  script_name("Debian Security Advisory DSA 3102-1 (libyaml - security update)");
  script_tag(name:"last_modification", value:"$Date: 2017-07-12 11:57:43 +0200 (Wed, 12 Jul 2017) $");
  script_tag(name:"creation_date", value:"2014-12-13 00:00:00 +0100 (Sat, 13 Dec 2014)");

  # CVSS v2 rating: the vector lists an availability impact only (A:P), with
  # no confidentiality or integrity impact.
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name:"URL", value:"http://www.debian.org/security/2014/dsa-3102.html");

  # Scheduling: the check depends on gather-package-list.nasl and requires the
  # two ssh/login/* keys listed here.
  # NOTE(review): presumably those keys only exist after an authenticated SSH
  # login to a Debian host, so an unauthenticated scan would not run this
  # check at all - confirm against gather-package-list.nasl.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");

  # Report text. The string values span several lines and are kept verbatim.
  script_tag(name:"affected", value:"libyaml on Debian Linux");
  script_tag(name:"solution", value:"For the stable distribution (wheezy),
this problem has been fixed in version 0.1.4-2+deb7u5.
For the upcoming stable distribution (jessie), this problem has been
fixed in version 0.1.6-3.
For the unstable distribution (sid), this problem has been fixed in
version 0.1.6-3.
We recommend that you upgrade your libyaml packages.");
  script_tag(name:"summary", value:"Jonathan Gray and Stanislaw Pitucha
found an assertion failure in the way wrapped strings are parsed in LibYAML,
a fast YAML 1.1 parser and emitter library. An attacker able to load specially
crafted YAML input into an application using libyaml could cause the application
to crash.");
  script_tag(name:"vuldetect", value:"This check tests the installed software
version using the apt package manager.");

  # Detection quality is declared as package-based: the result comes from a
  # version comparison, not from exercising the parser.
  script_tag(name:"qod_type", value:"package");
  exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
# Package checks: ask isdpkgvuln() about each libyaml binary package, using
# 0.1.4-2+deb7u5 (the wheezy fix version named in this script's solution tag)
# as the reference version, and collect every non-NULL answer into one report.
#
# NOTE(review): the '.' in rls_regex is unescaped. If the value is applied as
# a regular expression it matches any character after "DEB7", not only a
# literal dot - confirm against pkg-lib-deb.inc.
# NOTE(review): this is a version comparison of three packages only. It does
# not show whether processes that loaded the old library were restarted, and
# copies of the library embedded in other packages are outside its scope.
res = "";
report = "";

foreach pkg_name (make_list("libyaml-0-2", "libyaml-0-2-dbg", "libyaml-dev")) {
  res = isdpkgvuln(pkg:pkg_name, ver:"0.1.4-2+deb7u5", rls_regex:"DEB7.[0-9]");
  if (res != NULL) {
    report += res;
  }
}

if (report != "") {
  # At least one package was flagged: publish the collected text.
  security_message(data:report);
} else if (__pkg_match) {
  # Nothing was flagged but __pkg_match is set: exit code 99 is this script's
  # "not vulnerable" result. (__pkg_match is presumably set by the package
  # library when a queried package is installed - confirm.)
  exit(99);
}
# With neither condition true the script ends here without reporting.
{"id": "OPENVAS:703102", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 3102-1 (libyaml - security update)", "description": "Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.", "published": "2014-12-13T00:00:00", "modified": "2017-07-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703102", "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2014/dsa-3102.html"], "cvelist": ["CVE-2014-9130"], "lastseen": "2017-07-27T10:48:36", "viewCount": 0, "enchantments": {"score": {"value": 5.4, "vector": "NONE", "modified": "2017-07-27T10:48:36", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-9130"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E16D8E988420765C16BC608B63004B3D"]}, {"type": "debian", "idList": ["DEBIAN:DLA-109-1:B53DC", "DEBIAN:DLA-110-1:AFE46", "DEBIAN:DSA-3115-1:AC152", "DEBIAN:DLA-127-1:05C33", "DEBIAN:DSA-3102-1:AA5CC", "DEBIAN:DSA-3103-1:F01D7"]}, {"type": "redhat", "idList": ["RHSA-2015:0100", "RHSA-2015:0260", "RHSA-2015:0112"]}, {"type": "centos", "idList": ["CESA-2015:0100"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31539", "SECURITYVULNS:VULN:14168"]}, {"type": "hackerone", "idList": ["H1:235842"]}, {"type": "fedora", "idList": ["FEDORA:C2D0060CA53E", "FEDORA:0FCC46087AC1", "FEDORA:E551360D2AB7", "FEDORA:5C63B60DF38D", "FEDORA:0679160D4B6D", "FEDORA:605506087ECF", "FEDORA:8AE9D60CD842", "FEDORA:8A8906015E29", "FEDORA:DCAF560608FA"]}, {"type": "ubuntu", "idList": ["USN-2461-1", "USN-2461-2", "USN-2461-3"]}, {"type": "amazon", "idList": ["ALAS-2015-482", 
"ALAS-2015-481"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-0100"]}, {"type": "nessus", "idList": ["FEDORA_2015-4477.NASL", "UBUNTU_USN-2461-1.NASL", "ALA_ALAS-2015-482.NASL", "FEDORA_2015-5618.NASL", "MANDRIVA_MDVSA-2014-242.NASL", "FEDORA_2014-16073.NASL", "FEDORA_2015-4642.NASL", "SL_20150128_LIBYAML_ON_SL6_X.NASL", "OPENSUSE-2014-765.NASL", "ALA_ALAS-2015-481.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703102", "OPENVAS:703103", "OPENVAS:1361412562310871310", "OPENVAS:1361412562310703103", "OPENVAS:1361412562310869197", "OPENVAS:1361412562310842064", "OPENVAS:1361412562310123195", "OPENVAS:1361412562310868828", "OPENVAS:1361412562310869497", "OPENVAS:1361412562310842047"]}], "modified": "2017-07-27T10:48:36", "rev": 2}, "vulnersScore": 5.4}, "pluginID": "703102", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3102.nasl 6692 2017-07-12 09:57:43Z teissa $\n# Auto-generated from advisory DSA 3102-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703102);\n script_version(\"$Revision: 6692 $\");\n script_cve_id(\"CVE-2014-9130\");\n script_name(\"Debian Security Advisory DSA 3102-1 (libyaml - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-12 11:57:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-13 00:00:00 +0100 (Sat, 13 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3102.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libyaml on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 0.1.4-2+deb7u5.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 0.1.6-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.1.6-3.\n\nWe recommend that you upgrade your libyaml packages.\");\n script_tag(name: \"summary\", value: \"Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. 
An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libyaml-0-2\", ver:\"0.1.4-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libyaml-0-2-dbg\", ver:\"0.1.4-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libyaml-dev\", ver:\"0.1.4-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T12:01:23", "description": "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.", "edition": 3, "cvss3": {}, "published": "2014-12-08T16:59:00", "title": "CVE-2014-9130", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9130"], "modified": "2017-12-09T02:29:00", "cpe": ["cpe:/a:pyyaml:libyaml:0.1.6", "cpe:/a:pyyaml:libyaml:0.1.5"], "id": "CVE-2014-9130", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9130", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:pyyaml:libyaml:0.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:pyyaml:libyaml:0.1.6:*:*:*:*:*:*:*"]}], "cloudfoundry": [{"lastseen": "2021-01-22T20:01:26", "bulletinFamily": "software", "cvelist": ["CVE-2018-1191", "CVE-2014-9130"], "description": "CVE-2014-9130: LibYAML vulnerability\n\n# \n\nMedium\n\n# Vendor\n\nLibYAML\n\n# Versions Affected\n\n * Cloud Foundry Ruby Buildpack versions prior to 1.6.25\n\n# Description\n\nStanis\u0142aw Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. 
An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * Upgrade the Ruby Buildpack to v1.6.25 [[1](<https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.25>)] or later and restage all applications that use automated buildpack detection\n\n# Credit\n\nStanis\u0142aw Pitucha and Jonathan Gray\n\n# References\n\n * [1] <https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.25>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130>\n", "edition": 2052, "modified": "2016-09-21T00:00:00", "published": "2016-09-21T00:00:00", "id": "CFOUNDRY:E16D8E988420765C16BC608B63004B3D", "href": "https://www.cloudfoundry.org/blog/cve-2014-9130/", "title": "CVE-2014-9130: LibYAML vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-08-12T00:56:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "Package : libyaml-libyaml-perl\nVersion : 0.33-1+squeeze4\nCVE ID : CVE-2014-9130\nDebian Bug : 771365\n\nJonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\nemitter library. 
An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to crash.\n\nThis update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.\n", "edition": 8, "modified": "2014-12-14T14:00:37", "published": "2014-12-14T14:00:37", "id": "DEBIAN:DLA-109-1:B53DC", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201412/msg00013.html", "title": "[SECURITY] [DLA 109-1] libyaml-libyaml-perl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-12T01:05:19", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3115-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nDecember 29, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : pyyaml\nCVE ID : CVE-2014-9130\nDebian Bug : 772815\n\nJonathan Gray and Stanislaw Pitucha found an assertion failure in the \nway wrapped strings are parsed in Python-YAML, a YAML parser and emitter \nfor Python. 
An attacker able to load specially crafted YAML input into an\napplication using python-yaml could cause the application to crash.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 3.10-4+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 3.11-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.11-2.\n\nWe recommend that you upgrade your pyyaml packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2014-12-29T21:34:56", "published": "2014-12-29T21:34:56", "id": "DEBIAN:DSA-3115-1:AC152", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00306.html", "title": "[SECURITY] [DSA 3115-1] pyyaml security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-12T01:05:33", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3103-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nDecember 13, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libyaml-libyaml-perl\nCVE ID : CVE-2014-9130\nDebian Bug : 771365\n\nJonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\nemitter library. 
An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to crash.\n\nThis update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.38-3+deb7u3.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 0.41-6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.41-6.\n\nWe recommend that you upgrade your libyaml-libyaml-perl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 6, "modified": "2014-12-13T16:34:25", "published": "2014-12-13T16:34:25", "id": "DEBIAN:DSA-3103-1:F01D7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00293.html", "title": "[SECURITY] [DSA 3103-1] libyaml-libyaml-perl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:25:21", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "Package : libyaml\nVersion : 0.1.3-1+deb6u5\nCVE ID : CVE-2014-9130\nDebian Bug : 771366\n\nJonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\nemitter library. 
An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to crash.\n\n", "edition": 7, "modified": "2014-12-14T14:00:28", "published": "2014-12-14T14:00:28", "id": "DEBIAN:DLA-110-1:AFE46", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201412/msg00012.html", "title": "[SECURITY] [DLA 110-1] libyaml security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-12T01:09:34", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3102-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nDecember 13, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libyaml\nCVE ID : CVE-2014-9130\nDebian Bug : 771366\n\nJonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\nemitter library. 
An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to crash.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.1.4-2+deb7u5.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 0.1.6-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.1.6-3.\n\nWe recommend that you upgrade your libyaml packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2014-12-13T16:34:07", "published": "2014-12-13T16:34:07", "id": "DEBIAN:DSA-3102-1:AA5CC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00292.html", "title": "[SECURITY] [DSA 3102-1] libyaml security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:16:13", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "Package : pyyaml\nVersion : 3.09-5+deb6u1\nCVE ID : CVE-2014-9130\nDebian Bug : 772815\n\nJonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in Python-YAML, a YAML parser and emitter\nfor Python. 
An attacker able to load specially crafted YAML input into an\napplication using python-yaml could cause the application to crash.\n", "edition": 9, "modified": "2015-01-03T18:15:39", "published": "2015-01-03T18:15:39", "id": "DEBIAN:DLA-127-1:05C33", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201501/msg00000.html", "title": "[SECURITY] [DLA 127-1] pyyaml security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n", "modified": "2018-06-13T01:28:20", "published": "2015-02-02T05:00:00", "id": "RHSA-2015:0112", "href": "https://access.redhat.com/errata/RHSA-2015:0112", "type": "redhat", "title": "(RHSA-2015:0112) Moderate: libyaml security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:47:13", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. 
An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n", "modified": "2018-06-06T20:24:23", "published": "2015-01-28T05:00:00", "id": "RHSA-2015:0100", "href": "https://access.redhat.com/errata/RHSA-2015:0100", "type": "redhat", "title": "(RHSA-2015:0100) Moderate: libyaml security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:46:00", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.", "modified": "2018-06-07T02:47:54", "published": "2015-02-23T17:46:35", "id": "RHSA-2015:0260", "href": "https://access.redhat.com/errata/RHSA-2015:0260", "type": "redhat", "title": "(RHSA-2015:0260) Moderate: libyaml security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:26:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0100\n\n\nYAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-January/032947.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-January/032955.html\n\n**Affected packages:**\nlibyaml\nlibyaml-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0100.html", "edition": 3, "modified": "2015-01-30T00:21:21", "published": "2015-01-28T22:40:28", "href": "http://lists.centos.org/pipermail/centos-announce/2015-January/032947.html", "id": "CESA-2015:0100", "title": "libyaml security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-9130"], "description": "Assertion on strings parsing.", "edition": 1, "modified": "2014-12-22T00:00:00", "published": "2014-12-22T00:00:00", "id": "SECURITYVULNS:VULN:14168", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14168", "title": "libYAML DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-9130"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3102-1 security@debian.org\r\nhttp://www.debian.org/security/ Salvatore Bonaccorso\r\nDecember 13, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : libyaml\r\nCVE ID : CVE-2014-9130\r\nDebian Bug : 771366\r\n\r\nJonathan Gray and Stanislaw Pitucha found an assertion failure in the\r\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\r\nemitter library. 
An attacker able to load specially crafted YAML input\r\ninto an application using libyaml could cause the application to crash.\r\n\r\nFor the stable distribution (wheezy), this problem has been fixed in\r\nversion 0.1.4-2+deb7u5.\r\n\r\nFor the upcoming stable distribution (jessie), this problem has been\r\nfixed in version 0.1.6-3.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 0.1.6-3.\r\n\r\nWe recommend that you upgrade your libyaml packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBCgAGBQJUjGn5AAoJEAVMuPMTQ89ExH8P/2FcLa73V16IO4oAXORm7JE5\r\nQcaRDkwBTu9dE4tADR8rMifiUWWmqXe3S0mgO/3M3sdWU3lfRhQfNAVMKTcMKb+U\r\nZ4s4N4eJS7cU0eX8nHnODT0jffbIe/czRnNBhfmAQLprY2FhKfcJZ7JKLwQ6AHhI\r\nLcMIlPK/WOh4ekwftgRKBTn2/lu8gzYMYhxabxxWDK91ZW+AmJ6/x6xyueID0jVj\r\nFSJrfY7Hdpz18rJtOJy7DsUbs/izSGZGfLD5cGdqllN3ehzQi618L12BCB89JATH\r\nOGGeEAQEW0xLxailyb061R6fG8n8yWtI+5ywhFJZNrKKKrSOPKK8VVBO5xPsqYZP\r\nVklyrDIzu4Yn+q1PPiDC9yDo80IDi8Y4wV3q0ZC1rAc936y5ctSPkfa+di5Bb9Ut\r\ntYlHEPv5Cl5jS1JcZiGd6x9WnfsEvWufknPpLF5nn7U6wFoH55buLyEYSXSWopBg\r\n3vG+9MyKIucjjCfkZZ+NzZOvFGA3tNpZBbL6xxbN5mGrlqIRAnXllUpqkl5grT5/\r\n4FZr33dG8KY5E3/EZKZLogA8/WIKOPDBVoamC36pHQCT5ImsLelSXrjkF8H3zuXO\r\ny4Byy6442ZwtJB6s1SYfAnxxjvTdtXoAPR/t500clbD2NGVWbRe7b2dYRXMsI7e6\r\nD0k2GpaX349qlGgNTho+\r\n=bJHo\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-12-22T00:00:00", "published": "2014-12-22T00:00:00", "id": "SECURITYVULNS:DOC:31539", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31539", "title": "[SECURITY] [DSA 3102-1] libyaml security update", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "hackerone": 
[{"lastseen": "2018-07-24T18:40:13", "bulletinFamily": "bugbounty", "bounty": 0.0, "cvelist": ["CVE-2014-9130"], "description": "libYAML 0.1.6 (and 0.1.5) has a DoS vulnerablitity known as [CVE-2014-9130](http://www.cvedetails.com/cve/CVE-2014-9130/).\nNow Ruby 2.4.x bundles fixed version 0.1.7, but 2.3.x and 2.2.x still bundle 0.1.6.\n\nNote that I'm the maintainer of Ruby 2.3.x and 2.2.x.\nTherefore, this report is a kind of remainder.", "modified": "2017-10-25T13:58:30", "published": "2017-06-02T14:29:02", "id": "H1:235842", "href": "https://hackerone.com/reports/235842", "type": "hackerone", "title": "Ruby: Ruby 2.3.x and 2.2.x still bundle DoS vulnerable verision of libYAML", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML supports standard YAML tags and provides Python-specific tags that allow to represent an arbitrary Python object. PyYAML is applicable for a broad range of tasks from complex configuration files to object serialization and persistance. ", "modified": "2015-04-05T14:35:53", "published": "2015-04-05T14:35:53", "id": "FEDORA:DCAF560608FA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: PyYAML-3.10-11.fc20", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. 
PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML supports standard YAML tags and provides Python-specific tags that allow to represent an arbitrary Python object. PyYAML is applicable for a broad range of tasks from complex configuration files to object serialization and persistence. ", "modified": "2015-04-21T18:36:26", "published": "2015-04-21T18:36:26", "id": "FEDORA:8A8906015E29", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: PyYAML-3.11-7.fc22", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML supports standard YAML tags and provides Python-specific tags that allow to represent an arbitrary Python object. PyYAML is applicable for a broad range of tasks from complex configuration files to object serialization and persistence. ", "modified": "2015-04-05T14:33:31", "published": "2015-04-05T14:33:31", "id": "FEDORA:0FCC46087AC1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: PyYAML-3.11-7.fc21", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. 
", "modified": "2014-12-13T09:37:28", "published": "2014-12-13T09:37:28", "id": "FEDORA:8AE9D60CD842", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: libyaml-0.1.6-6.fc21", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6393", "CVE-2014-2525", "CVE-2014-9130"], "description": "Kirill Simonov's \"libyaml\" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. ", "modified": "2014-12-13T09:35:05", "published": "2014-12-13T09:35:05", "id": "FEDORA:C2D0060CA53E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: perl-YAML-LibYAML-0.54-1.fc19", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6393", "CVE-2014-2525", "CVE-2014-9130"], "description": "YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. ", "modified": "2014-12-13T09:51:34", "published": "2014-12-13T09:51:34", "id": "FEDORA:5C63B60DF38D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: libyaml-0.1.6-2.fc20", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6393", "CVE-2014-2525", "CVE-2014-9130"], "description": "Kirill Simonov's \"libyaml\" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. 
", "modified": "2014-12-12T04:31:36", "published": "2014-12-12T04:31:36", "id": "FEDORA:0679160D4B6D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: perl-YAML-LibYAML-0.54-1.fc21", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6393", "CVE-2014-2525", "CVE-2014-9130"], "description": "YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. ", "modified": "2014-12-13T09:44:43", "published": "2014-12-13T09:44:43", "id": "FEDORA:605506087ECF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: libyaml-0.1.6-2.fc19", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6393", "CVE-2014-2525", "CVE-2014-9130"], "description": "Kirill Simonov's \"libyaml\" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. ", "modified": "2014-12-13T09:50:36", "published": "2014-12-13T09:50:36", "id": "FEDORA:E551360D2AB7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: perl-YAML-LibYAML-0.54-1.fc20", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:42:11", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "Stanis\u0142aw Pitucha and Jonathan Gray discovered that PyYAML did not \nproperly handle wrapped strings. 
An attacker could create specially \ncrafted YAML data to trigger an assert, causing a denial of service.", "edition": 68, "modified": "2015-01-12T00:00:00", "published": "2015-01-12T00:00:00", "id": "USN-2461-3", "href": "https://ubuntu.com/security/notices/USN-2461-3", "title": "PyYAML vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:34:05", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "Stanis\u0142aw Pitucha and Jonathan Gray discovered that \nlibyaml-libyaml-perl did not properly handle wrapped strings. An \nattacker could create specially crafted YAML data to trigger an assert, \ncausing a denial of service.", "edition": 68, "modified": "2015-01-12T00:00:00", "published": "2015-01-12T00:00:00", "id": "USN-2461-2", "href": "https://ubuntu.com/security/notices/USN-2461-2", "title": "libyaml-libyaml-perl vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:44:30", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "Stanis\u0142aw Pitucha and Jonathan Gray discovered that LibYAML did not \nproperly handle wrapped strings. An attacker could create specially \ncrafted YAML data to trigger an assert, causing a denial of service.", "edition": 68, "modified": "2015-01-12T00:00:00", "published": "2015-01-12T00:00:00", "id": "USN-2461-1", "href": "https://ubuntu.com/security/notices/USN-2461-1", "title": "LibYAML vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "**Issue Overview:**\n\nAn assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. 
([CVE-2014-9130 __](<https://access.redhat.com/security/cve/CVE-2014-9130>))\n\n \n**Affected Packages:** \n\n\nlibyaml\n\n \n**Issue Correction:** \nRun _yum update libyaml_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libyaml-devel-0.1.6-6.7.amzn1.i686 \n libyaml-debuginfo-0.1.6-6.7.amzn1.i686 \n libyaml-0.1.6-6.7.amzn1.i686 \n \n src: \n libyaml-0.1.6-6.7.amzn1.src \n \n x86_64: \n libyaml-0.1.6-6.7.amzn1.x86_64 \n libyaml-devel-0.1.6-6.7.amzn1.x86_64 \n libyaml-debuginfo-0.1.6-6.7.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-02-11T19:38:00", "published": "2015-02-11T19:38:00", "id": "ALAS-2015-481", "href": "https://alas.aws.amazon.com/ALAS-2015-481.html", "title": "Medium: libyaml", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-10T12:37:26", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "**Issue Overview:**\n\nAn assertion failure was found in the way the libyaml library parsed wrapped strings. 
An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.\n\n \n**Affected Packages:** \n\n\nperl-YAML-LibYAML\n\n \n**Issue Correction:** \nRun _yum update perl-YAML-LibYAML_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n perl-YAML-LibYAML-0.59-1.16.amzn1.i686 \n perl-YAML-LibYAML-debuginfo-0.59-1.16.amzn1.i686 \n \n src: \n perl-YAML-LibYAML-0.59-1.16.amzn1.src \n \n x86_64: \n perl-YAML-LibYAML-debuginfo-0.59-1.16.amzn1.x86_64 \n perl-YAML-LibYAML-0.59-1.16.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-02-11T19:39:00", "published": "2015-02-11T19:39:00", "id": "ALAS-2015-482", "href": "https://alas.aws.amazon.com/ALAS-2015-482.html", "title": "Medium: perl-YAML-LibYAML", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2020-10-22T17:10:43", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9130"], "description": "[0.1.3-4]\n- Add patch for CVE-2014-9130 (RHBZ#1169369)", "edition": 5, "modified": "2015-01-28T00:00:00", "published": "2015-01-28T00:00:00", "id": "ELSA-2015-0100", "href": "http://linux.oracle.com/errata/ELSA-2015-0100.html", "title": "libyaml security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:36:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-01-29T00:00:00", "id": "OPENVAS:1361412562310871310", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871310", "type": "openvas", "title": "RedHat Update for libyaml RHSA-2015:0100-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libyaml RHSA-2015:0100-01\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871310\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-29 05:14:09 +0100 (Thu, 29 Jan 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for libyaml RHSA-2015:0100-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libyaml'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nAn assertion failure was found in the way the libyaml library parsed\nwrapped strings. 
An attacker able to load specially crafted YAML input into\nan application using libyaml could cause the application to crash.\n(CVE-2014-9130)\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the libyaml library must be restarted for this update to\ntake effect.\");\n script_tag(name:\"affected\", value:\"libyaml on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0100-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-January/msg00039.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libyaml\", rpm:\"libyaml~0.1.4~11.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libyaml-debuginfo\", rpm:\"libyaml-debuginfo~0.1.4~11.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libyaml\", rpm:\"libyaml~0.1.3~4.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libyaml-debuginfo\", rpm:\"libyaml-debuginfo~0.1.3~4.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "description": "Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.", "modified": "2019-03-18T00:00:00", "published": "2014-12-13T00:00:00", "id": "OPENVAS:1361412562310703102", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703102", "type": "openvas", "title": "Debian Security Advisory DSA 3102-1 (libyaml - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3102.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3102-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703102\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2014-9130\");\n script_name(\"Debian Security Advisory DSA 3102-1 (libyaml - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-13 00:00:00 +0100 (Sat, 13 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-3102.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"libyaml on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthis problem has been fixed in version 0.1.4-2+deb7u5.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 0.1.6-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.1.6-3.\n\nWe recommend that you upgrade your libyaml packages.\");\n script_tag(name:\"summary\", value:\"Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. 
An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libyaml-0-2\", ver:\"0.1.4-2+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libyaml-0-2-dbg\", ver:\"0.1.4-2+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libyaml-dev\", ver:\"0.1.4-2+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "description": "Oracle Linux Local Security Checks ELSA-2015-0100", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123195", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123195", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0100", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0100.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT 
ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123195\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:34 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0100\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0100 - libyaml security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0100\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0100.html\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release 
== \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"libyaml\", rpm:\"libyaml~0.1.4~11.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libyaml-devel\", rpm:\"libyaml-devel~0.1.4~11.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"libyaml\", rpm:\"libyaml~0.1.3~4.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libyaml-devel\", rpm:\"libyaml-devel~0.1.3~4.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T23:00:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120325", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120325", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-481)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120325\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:23:38 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-481)\");\n script_tag(name:\"insight\", value:\"An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. (CVE-2014-9130 )\");\n script_tag(name:\"solution\", value:\"Run yum update libyaml to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-481.html\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n 
if(!isnull(res = isrpmvuln(pkg:\"libyaml-devel\", rpm:\"libyaml-devel~0.1.6~6.7.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libyaml-debuginfo\", rpm:\"libyaml-debuginfo~0.1.6~6.7.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libyaml\", rpm:\"libyaml~0.1.6~6.7.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:48:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "description": "Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in Python-YAML,\na YAML parser and emitter for Python. An attacker able to load specially crafted\nYAML input into an application using python-yaml could cause the application to\ncrash.", "modified": "2017-07-10T00:00:00", "published": "2014-12-29T00:00:00", "id": "OPENVAS:703115", "href": "http://plugins.openvas.org/nasl.php?oid=703115", "type": "openvas", "title": "Debian Security Advisory DSA 3115-1 (pyyaml - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3115.nasl 6637 2017-07-10 09:58:13Z teissa $\n# Auto-generated from advisory DSA 3115-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703115);\n script_version(\"$Revision: 6637 $\");\n script_cve_id(\"CVE-2014-9130\");\n script_name(\"Debian Security Advisory DSA 3115-1 (pyyaml - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-10 11:58:13 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-29 00:00:00 +0100 (Mon, 29 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3115.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"pyyaml on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 3.10-4+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 3.11-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.11-2.\n\nWe recommend that you upgrade your pyyaml packages.\");\n script_tag(name: \"summary\", value: \"Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in 
Python-YAML,\na YAML parser and emitter for Python. An attacker able to load specially crafted\nYAML input into an application using python-yaml could cause the application to\ncrash.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"python-yaml\", ver:\"3.10-4+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-yaml-dbg\", ver:\"3.10-4+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-yaml\", ver:\"3.10-4+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-yaml-dbg\", ver:\"3.10-4+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-04-06T00:00:00", "id": "OPENVAS:1361412562310869197", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869197", "type": "openvas", "title": "Fedora Update for PyYAML FEDORA-2015-4477", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for PyYAML FEDORA-2015-4477\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under 
the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869197\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-06 07:19:03 +0200 (Mon, 06 Apr 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for PyYAML FEDORA-2015-4477\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'PyYAML'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"PyYAML on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-4477\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154305.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks 
GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"PyYAML\", rpm:\"PyYAML~3.10~11.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-01-23T00:00:00", "id": "OPENVAS:1361412562310842047", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842047", "type": "openvas", "title": "Ubuntu Update for pyyaml USN-2461-3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for pyyaml USN-2461-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842047\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:58:05 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Ubuntu Update for pyyaml USN-2461-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pyyaml'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Stanisław Pitucha and Jonathan Gray\ndiscovered that PyYAML did not properly handle wrapped strings. 
An attacker could\ncreate specially crafted YAML data to trigger an assert, causing a denial of\nservice.\");\n script_tag(name:\"affected\", value:\"pyyaml on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2461-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2461-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-yaml\", ver:\"3.11-1ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-yaml\", ver:\"3.11-1ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-yaml\", ver:\"3.10-4ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-yaml\", ver:\"3.10-4ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-yaml\", ver:\"3.10-2ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-yaml\", ver:\"3.10-2ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-27T10:48:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "description": "Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.\n\nThis update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.", "modified": "2017-07-12T00:00:00", "published": "2014-12-13T00:00:00", "id": "OPENVAS:703103", "href": "http://plugins.openvas.org/nasl.php?oid=703103", "type": "openvas", "title": "Debian Security Advisory DSA 3103-1 (libyaml-libyaml-perl - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3103.nasl 6692 2017-07-12 09:57:43Z teissa $\n# Auto-generated from advisory DSA 3103-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703103);\n script_version(\"$Revision: 6692 $\");\n script_cve_id(\"CVE-2014-9130\");\n script_name(\"Debian Security Advisory DSA 3103-1 (libyaml-libyaml-perl - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-12 11:57:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-13 00:00:00 +0100 (Sat, 13 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3103.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libyaml-libyaml-perl on Debian Linux\");\n script_tag(name: \"insight\", value: \"YAML::LibYAML (or YAML::XS) is a Perl\ninterface to Kirill Simonov's libyaml library, a YAML Ain't Markup Language (YAML)\nimplementation written in C to support the YAML 1.1 specification. 
The provided\nDump and Load routines are compatible with the Perl YAML module\n(see libyaml-perl).\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 0.38-3+deb7u3.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 0.41-6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.41-6.\n\nWe recommend that you upgrade your libyaml-libyaml-perl packages.\");\n script_tag(name: \"summary\", value: \"Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.\n\nThis update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libyaml-libyaml-perl\", ver:\"0.38-3+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "description": "Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter library. 
An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.\n\nThis update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.", "modified": "2019-03-18T00:00:00", "published": "2014-12-13T00:00:00", "id": "OPENVAS:1361412562310703103", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703103", "type": "openvas", "title": "Debian Security Advisory DSA 3103-1 (libyaml-libyaml-perl - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3103.nasl 14277 2019-03-18 14:45:38Z cfischer $\n# Auto-generated from advisory DSA 3103-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703103\");\n script_version(\"$Revision: 14277 $\");\n script_cve_id(\"CVE-2014-9130\");\n script_name(\"Debian Security Advisory DSA 3103-1 (libyaml-libyaml-perl - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:45:38 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-13 00:00:00 +0100 (Sat, 13 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-3103.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"libyaml-libyaml-perl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthis problem has been fixed in version 0.38-3+deb7u3.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 0.41-6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.41-6.\n\nWe recommend that you upgrade your libyaml-libyaml-perl packages.\");\n script_tag(name:\"summary\", value:\"Jonathan Gray and Stanislaw Pitucha\nfound an assertion failure in the way wrapped strings are parsed in LibYAML,\na fast YAML 1.1 parser and emitter 
library. An attacker able to load specially\ncrafted YAML input into an application using libyaml could cause the application\nto crash.\n\nThis update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libyaml-libyaml-perl\", ver:\"0.38-3+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-01-23T00:00:00", "id": "OPENVAS:1361412562310842064", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842064", "type": "openvas", "title": "Ubuntu Update for libyaml-libyaml-perl USN-2461-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for libyaml-libyaml-perl USN-2461-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842064\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:59:02 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-9130\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Ubuntu Update for libyaml-libyaml-perl USN-2461-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libyaml-libyaml-perl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Stanisław Pitucha and Jonathan Gray\ndiscovered that libyaml-libyaml-perl did not properly handle wrapped strings. 
An\nattacker could create specially crafted YAML data to trigger an assert,\ncausing a denial of service.\");\n script_tag(name:\"affected\", value:\"libyaml-libyaml-perl on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2461-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2461-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libyaml-libyaml-perl\", ver:\"0.41-5ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libyaml-libyaml-perl\", ver:\"0.41-5ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libyaml-libyaml-perl\", ver:\"0.38-2ubuntu0.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:12:21", "description": "Security fix for CVE-2014-9130\n\nNote that 
Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-12-15T00:00:00", "title": "Fedora 19 : libyaml-0.1.6-2.fc19 (2014-16130)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2014-12-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libyaml", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-16130.NASL", "href": "https://www.tenable.com/plugins/nessus/79913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16130.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79913);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_xref(name:\"FEDORA\", value:\"2014-16130\");\n\n script_name(english:\"Fedora 19 : libyaml-0.1.6-2.fc19 (2014-16130)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1169369\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146084.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fbdcd472\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libyaml package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libyaml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"libyaml-0.1.6-2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libyaml\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:38:38", "description": "Jonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\nemitter library. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to\ncrash.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 14, "published": "2015-03-26T00:00:00", "title": "Debian DLA-110-1 : libyaml security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2015-03-26T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libyaml-dev", "p-cpe:/a:debian:debian_linux:libyaml-0-2"], "id": "DEBIAN_DLA-110.NASL", "href": "https://www.tenable.com/plugins/nessus/82094", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-110-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82094);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_bugtraq_id(71349);\n\n script_name(english:\"Debian DLA-110-1 : libyaml security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\nemitter library. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to\ncrash.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/12/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/libyaml\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected libyaml-0-2, and libyaml-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libyaml-0-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libyaml-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif 
(!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libyaml-0-2\", reference:\"0.1.3-1+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libyaml-dev\", reference:\"0.1.3-1+deb6u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:38:35", "description": "Jonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\nemitter library. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to\ncrash.\n\nThis update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 14, "published": "2015-03-26T00:00:00", "title": "Debian DLA-109-1 : libyaml-libyaml-perl security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2015-03-26T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libyaml-libyaml-perl"], "id": "DEBIAN_DLA-109.NASL", "href": "https://www.tenable.com/plugins/nessus/82093", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-109-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82093);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_bugtraq_id(71349);\n\n script_name(english:\"Debian DLA-109-1 : libyaml-libyaml-perl security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\nemitter library. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to\ncrash.\n\nThis update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/12/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/libyaml-libyaml-perl\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected libyaml-libyaml-perl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libyaml-libyaml-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif 
(deb_check(release:\"6.0\", prefix:\"libyaml-libyaml-perl\", reference:\"0.33-1+squeeze4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:22:18", "description": "This libyaml update fixes the following security issue :\n\n - bnc#907809: assert failure when processing wrapped\n strings (CVE-2014-9130)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2015-05-20T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libyaml (SUSE-SU-2015:0013-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2015-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libyaml-0-2-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libyaml-0", "p-cpe:/a:novell:suse_linux:libyaml-debugsource"], "id": "SUSE_SU-2015-0013-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83661", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0013-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83661);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_bugtraq_id(71349);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libyaml (SUSE-SU-2015:0013-1)\");\n script_summary(english:\"Checks rpm output for the 
updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This libyaml update fixes the following security issue :\n\n - bnc#907809: assert failure when processing wrapped\n strings (CVE-2014-9130)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9130/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150013-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b57262bb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-4\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-4\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-4\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:libyaml-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libyaml-0-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libyaml-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libyaml-0-2-0.1.6-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libyaml-0-2-debuginfo-0.1.6-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libyaml-debugsource-0.1.6-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libyaml-0-2-0.1.6-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libyaml-0-2-debuginfo-0.1.6-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libyaml-debugsource-0.1.6-4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libyaml\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:12:21", "description": "An assertion failure was found in the way the libyaml library parsed\nwrapped strings. 
An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to\ncrash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-12-15T00:00:00", "title": "Fedora 19 : perl-YAML-LibYAML-0.54-1.fc19 (2014-16210)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2014-12-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:perl-YAML-LibYAML"], "id": "FEDORA_2014-16210.NASL", "href": "https://www.tenable.com/plugins/nessus/79920", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16210.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79920);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_xref(name:\"FEDORA\", value:\"2014-16210\");\n\n script_name(english:\"Fedora 19 : perl-YAML-LibYAML-0.54-1.fc19 (2014-16210)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to\ncrash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1169369\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145996.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc2fcdbc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-YAML-LibYAML package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-YAML-LibYAML\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"perl-YAML-LibYAML-0.54-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-YAML-LibYAML\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:48:53", "description": "Jonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in Python-YAML, a YAML parser and\nemitter for Python. An attacker able to load specially crafted YAML\ninput into an application using python-yaml could cause the\napplication to crash.", "edition": 15, "published": "2014-12-30T00:00:00", "title": "Debian DSA-3115-1 : pyyaml - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2014-12-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:pyyaml", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3115.NASL", "href": "https://www.tenable.com/plugins/nessus/80286", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3115. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80286);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_bugtraq_id(71349);\n script_xref(name:\"DSA\", value:\"3115\");\n\n script_name(english:\"Debian DSA-3115-1 : pyyaml - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in Python-YAML, a YAML parser and\nemitter for Python. An attacker able to load specially crafted YAML\ninput into an application using python-yaml could cause the\napplication to crash.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/pyyaml\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3115\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the pyyaml packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 3.10-4+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem has been\nfixed in version 3.11-2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pyyaml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"python-yaml\", reference:\"3.10-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-yaml-dbg\", reference:\"3.10-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python3-yaml\", reference:\"3.10-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python3-yaml-dbg\", reference:\"3.10-4+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:13:39", "description": "Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the 
Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-04-22T00:00:00", "title": "Fedora 22 : PyYAML-3.11-7.fc22 (2015-5618)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2015-04-22T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:PyYAML", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-5618.NASL", "href": "https://www.tenable.com/plugins/nessus/82964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-5618.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82964);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_xref(name:\"FEDORA\", value:\"2015-5618\");\n\n script_name(english:\"Fedora 22 : PyYAML-3.11-7.fc22 (2015-5618)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1204829\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155033.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c75b2e2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected PyYAML package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:PyYAML\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"PyYAML-3.11-7.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PyYAML\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:13:35", "description": "Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-04-07T00:00:00", "title": "Fedora 21 : PyYAML-3.11-7.fc21 (2015-4642)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2015-04-07T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:PyYAML"], "id": "FEDORA_2015-4642.NASL", "href": "https://www.tenable.com/plugins/nessus/82605", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4642.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82605);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9130\");\n script_xref(name:\"FEDORA\", value:\"2015-4642\");\n\n script_name(english:\"Fedora 21 : PyYAML-3.11-7.fc21 (2015-4642)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9130\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1204829\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154277.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56f353f6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected PyYAML package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:PyYAML\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"PyYAML-3.11-7.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PyYAML\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:48:39", "description": "An assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to\ncrash. 
(CVE-2014-9130)\n\nAll running applications linked against the libyaml library must be\nrestarted for this update to take effect.", "edition": 14, "published": "2015-01-29T00:00:00", "title": "Scientific Linux Security Update : libyaml on SL6.x, SL7.x i386/x86_64 (20150128)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2015-01-29T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libyaml", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:libyaml-devel", "p-cpe:/a:fermilab:scientific_linux:libyaml-debuginfo"], "id": "SL_20150128_LIBYAML_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/81074", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81074);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9130\");\n\n script_name(english:\"Scientific Linux Security Update : libyaml on SL6.x, SL7.x i386/x86_64 (20150128)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An assertion failure was found in the way the libyaml library parsed\nwrapped strings. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to\ncrash. 
(CVE-2014-9130)\n\nAll running applications linked against the libyaml library must be\nrestarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1501&L=scientific-linux-errata&T=0&P=3085\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6127c7ab\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libyaml, libyaml-debuginfo and / or libyaml-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libyaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libyaml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libyaml-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"libyaml-0.1.3-4.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libyaml-debuginfo-0.1.3-4.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libyaml-devel-0.1.3-4.el6_6\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libyaml-0.1.4-11.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libyaml-debuginfo-0.1.4-11.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libyaml-devel-0.1.4-11.el7_0\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if 
(tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libyaml / libyaml-debuginfo / libyaml-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:28:06", "description": "This libyaml update fixes the following security issue :\n\n - bnc#907809: assert failure when processing wrapped\n strings (CVE-2014-9130)", "edition": 18, "published": "2014-12-15T00:00:00", "title": "openSUSE Security Update : libyaml (openSUSE-SU-2014:1625-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9130"], "modified": "2014-12-15T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libyaml-0-2-debuginfo", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:libyaml-0-2", "p-cpe:/a:novell:opensuse:libyaml-devel", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:libyaml-debugsource", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-765.NASL", "href": "https://www.tenable.com/plugins/nessus/79998", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-765.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79998);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9130\");\n\n script_name(english:\"openSUSE Security Update : libyaml (openSUSE-SU-2014:1625-1)\");\n script_summary(english:\"Check for the openSUSE-2014-765 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This libyaml update fixes the following security issue :\n\n - bnc#907809: assert failure when 
processing wrapped\n strings (CVE-2014-9130)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=907809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-12/msg00047.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libyaml packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libyaml-0-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libyaml-0-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libyaml-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libyaml-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libyaml-0-2-0.1.3-11.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libyaml-0-2-debuginfo-0.1.3-11.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libyaml-debugsource-0.1.3-11.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libyaml-devel-0.1.3-11.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libyaml-0-2-0.1.4-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libyaml-0-2-debuginfo-0.1.4-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libyaml-debugsource-0.1.4-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libyaml-devel-0.1.4-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libyaml-0-2-0.1.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libyaml-0-2-debuginfo-0.1.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"libyaml-debugsource-0.1.6-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libyaml-devel-0.1.6-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libyaml-0-2 / libyaml-0-2-debuginfo / libyaml-debugsource / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}