152 matches found
Fedora 19 : perl-YAML-LibYAML-0.41-4.fc19 (2014-4517)
This update addressed two security issues. CVE-2013-6393: The yamlparserscantaguri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted tags in a YAML...
Fedora 20 : perl-YAML-LibYAML-0.41-4.fc20 (2014-4548)
This update addressed two security issues. CVE-2013-6393: The yamlparserscantaguri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted tags in a YAML...
Ubuntu 12.04 LTS / 12.10 / 13.10 : libyaml-libyaml-perl vulnerabilities (USN-2161-1)
Florian Weimer discovered that libyaml-libyaml-perl incorrectly handled certain large YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2013-6393 Ivan Fratric discovered that...
Important: Red Hat Security Advisory: ruby193-libyaml security update
Updated ruby193-libyaml packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
USN-2161-1: libyaml-libyaml-perl vulnerabilities
Florian Weimer discovered that libyaml-libyaml-perl incorrectly handled certain large YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2013-6393 Ivan Fratric discovered that...
Updated perl-YAML-LibYAML package fixes security vulnerabilies
Updated perl-YAML-LibYAML packages fix security vulnerabilities: Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag...
Updated libyaml package fixes security vulnerability
Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application t...
Important: Red Hat Security Advisory: libyaml security update
Updated libyaml packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...
Important: Red Hat Security Advisory: libyaml security update
Updated libyaml packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 4. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...
Important: Red Hat Security Advisory: ruby193-libyaml security update
Updated ruby193-libyaml packages that fix two security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
[oCERT-2014-003] LibYAML input sanitization errors
2014-003 LibYAML input sanitization errors Description: The LibYAML project is an open source YAML 1.1 parser and emitter written in C. The library is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for t...
CVE-2014-2525
Heap-based buffer overflow in the yamlparserscanuriescapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file...
CVE-2014-2525
CVE-2014-2525 : LibYAML's yaml_parser_scan_uri_escapes() has a heap-based buffer overflow when parsing percent-encoded text in a URI within YAML documents. The issue affects LibYAML before 0.1.6 and can allow arbitrary code execution via a crafted YAML file. Affected products use libyaml librarie...
CVE-2014-2525
Heap-based buffer overflow in the yamlparserscanuriescapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file...
LibYAML 'yaml_parser_scan_uri_escapes()'函数远程堆缓冲区溢出漏洞
BUGTRAQ ID: 66478 CVECAN ID: CVE-2014-2525 LibYAML是用C语言编写的YAML 1.1解析器和发射器。 由于程序没有正确过滤用户提供的输入,允许远程攻击者在易受攻击的应用程序上下文中执行任意代码。 0 LibYAML 0.1.6 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://pyyaml.org/wiki/LibYAML...
Debian DSA-2885-1 : libyaml-libyaml-perl - security update
Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially crafted YAML document that, when parsed by an application using libyaml, would cause the application t...
[SECURITY] [DSA 2884-1] libyaml security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2884-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 26, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2885-1] libyaml-libyaml-perl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2885-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 26, 2014 http://www.debian.org/security/faq -...
CVE-2014-2525
Heap-based buffer overflow in the yamlparserscanuriescapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file...
[SECURITY] [DSA 2885-1] libyaml-libyaml-perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2885-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 26, 2014 http://www.debian.org/security/faq -...