(RHSA-2015:0260) Moderate: libyaml security update

2015-02-23T17:46:35
ID RHSA-2015:0260
Type redhat
Reporter RedHat
Modified 2018-06-07T02:47:54

Description

YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C.

An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. (CVE-2014-9130)

All libyaml users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the libyaml library must be restarted for this update to take effect.