Debian Security Advisory DSA 3102-1 (libyaml - security update)

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. OpenVAS...

DSA-3103-1 libyaml-libyaml-perl - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3102-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2014-8680

The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service assertion failure and named exit via vectors related to 1 the lack of GeoIP databases for both IPv4 and IPv6, or 2 IPv6 support with certain options...

Code injection

The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service assertion failure and named exit via vectors related to 1 the lack of GeoIP databases for both IPv4 and IPv6, or 2 IPv6 support with certain options...

CVE-2014-8680

The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service assertion failure and named exit via vectors related to 1 the lack of GeoIP databases for both IPv4 and IPv6, or 2 IPv6 support with certain options...

CVE-2014-8680

Vulnerability context (CVE-2014-8680): Affects ISC BIND 9.10.0–9.10.1. The DoS stems from GeoIP functionality when GeoIP databases are missing for IPv4/IPv6 or when IPv6 options are used, causing an assertion failure and named exit. Public references in the connected docs corroborate this DoS ris...

Some Recursive DNS Implementations Patch DoS Vulnerability

UPDATE: Some domain name system DNS server implementations are at risk for denial-of-service attacks after a vulnerability was disclosed and patched in a few popular server packages, including BIND, OpenDNS, PowerDNS and NLnetLabs. According to an advisory from DHS and the CERT Coordination Cente...

DEBIAN-CVE-2014-9130

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML aka YAML-XS module for Perl, allows context-dependent attackers to cause a denial of service assertion failure and crash via vectors involving line-wrapping...

CVE-2014-9130

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML aka YAML-XS module for Perl, allows context-dependent attackers to cause a denial of service assertion failure and crash via vectors involving line-wrapping...

Code injection

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML aka YAML-XS module for Perl, allows context-dependent attackers to cause a denial of service assertion failure and crash via vectors involving line-wrapping...

CVE-2014-9130

CVE-2014-9130 affects LibYAML (used by YAML-LibYAML/YAML-XS in Perl) where wrapping of strings can trigger an assertion failure, causing a denial-of-service crash. Concrete details across connected docs identify LibYAML 0.1.5 and 0.1.6 as vulnerable; a patched version (0.1.7 or later) is availabl...

CVE-2014-9130

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML aka YAML-XS module for Perl, allows context-dependent attackers to cause a denial of service assertion failure and crash via vectors involving line-wrapping...

UBUNTU-CVE-2014-9130

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML aka YAML-XS module for Perl, allows context-dependent attackers to cause a denial of service assertion failure and crash via vectors involving line-wrapping...

CVE-2014-9130

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML aka YAML-XS module for Perl, allows context-dependent attackers to cause a denial of service assertion failure and crash via vectors involving line-wrapping...

Updated yaml & perl-YAML-LibYAML packages fix CVE-2014-9130

Updated yaml and perl-YAML-LibYAML packages fix security vulnerability: An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash CVE-2014-9130...

MGASA-2014-0508 Updated yaml & perl-YAML-LibYAML packages fix CVE-2014-9130

Updated yaml and perl-YAML-LibYAML packages fix security vulnerability: An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash CVE-2014-9130...

openSUSE Security Update : zeromq (openSUSE-SU-2014:1493-1)

zeromq was updated to version 4.0.5 to fix two security issues and various other bugs. These security issues were fixed : - Did not validate the other party's security handshake properly, allowing a man-in-the-middle downgrade attack CVE-2014-7202. - Did not implement a uniqueness check on...

CVE-2014-8415

Race condition in the chanpjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service assertion failure and crash via a cancel request for a SIP session with a queued action to 1 answer a session or 2 send ringing...

openSUSE Security Update : zeromq (openSUSE-SU-2014:1381-1)

This udpate for zeromq fixes the following non-security and security-issues: Update to version 4.0.4, for a detailed description see /usr/share/doc/packages/zeromq-devel/NEWS - Add libsodium dep for testsuite where possible - Version bump to 4.0.5 fixes bnc898917 CVE-2014-7202 and CVE-2014-7203 :...