NewStart CGSL MAIN 6.06 (SP) : PyYAML Vulnerability (NS-SA-2026-0019)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has PyYAML packages installed that are affected by a vulnerability: - scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML aka YAML-XS module for Perl, allows context-dependent attackers to cause a denial of service asserti...

Mageia: Security Advisory (MGASA-2014-0508)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2015:0953-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2015:0013-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2015:0953-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Denial Of Service (DoS)

PyYaml is vulnerable to CVE-2014-9130 through a copied version of libyaml. The version of libyaml used is vulnerable to denial of service DoS attacks. A malicious user can pass a string to the application that can cause a parsing error leading to an infinite loop. This can cause the service to be...

Ruby: Ruby 2.3.x and 2.2.x still bundle DoS vulnerable verision of libYAML

libYAML 0.1.6 and 0.1.5 has a DoS vulnerablitity known as CVE-2014-9130. Now Ruby 2.4.x bundles fixed version 0.1.7, but 2.3.x and 2.2.x still bundle 0.1.6. Note that I'm the maintainer of Ruby 2.3.x and 2.2.x. Therefore, this report is a kind of remainder...

CVE-2014-9130: LibYAML vulnerability | Cloud Foundry

CVE-2014-9130: LibYAML vulnerability Medium Vendor LibYAML Versions Affected Cloud Foundry Ruby Buildpack versions prior to 1.6.25 Description Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data ...

openSUSE Security Update : perl-YAML-LibYAML (openSUSE-2016-473)

perl-YAML-LibYAML was updated to fix three security issues. These security issues were fixed : - CVE-2013-6393: The yamlparserscantaguri function in scanner.c in LibYAML before 0.1.5 performed an incorrect cast, which allowed remote attackers to cause a denial of service application crash and...

Oracle: Security Advisory (ELSA-2015-0100)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2015-481)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED12 / SLES12 Security Update : perl-YAML-LibYAML (SUSE-SU-2015:0953-2)

perl-YAML-LibYAML was updated to fix three security issues. These security issues were fixed : - CVE-2013-6393: The yamlparserscantaguri function in scanner.c in LibYAML before 0.1.5 performed an incorrect cast, which allowed remote attackers to cause a denial of service application crash and...

SUSE SLES12 Security Update : perl-YAML-LibYAML (SUSE-SU-2015:0953-1)

perl-YAML-LibYAML was updated to fix three security issues. These security issues were fixed : - CVE-2013-6393: The yamlparserscantaguri function in scanner.c in LibYAML before 0.1.5 performed an incorrect cast, which allowed remote attackers to cause a denial of service application crash and...

SUSE SLED12 / SLES12 Security Update : libyaml (SUSE-SU-2015:0013-1)

This libyaml update fixes the following security issue : - bnc907809: assert failure when processing wrapped strings CVE-2014-9130 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clea...

Fedora 22 : PyYAML-3.11-7.fc22 (2015-5618)

Security fix for CVE-2014-9130 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

Fedora 21 : PyYAML-3.11-7.fc21 (2015-4642)

Security fix for CVE-2014-9130 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

Fedora 20 : PyYAML-3.10-11.fc20 (2015-4477)

Security fix for CVE-2014-9130 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

Mandriva Linux Security Advisory : yaml (MDVSA-2015:060)

Updated yaml packages fix security vulnerabilities : Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially crafted tag that, when...

SUSE-SU-2015:0925-2 Security update for python-PyYAML

python-PyYAML was updated to fix one security issue which could have allowed an attacker to cause a denial of service by supplying specially crafted strings The following issue was fixed: - 921588: python-PyYAML: assert failure when processing wrapped strings equivalent to CVE-2014-9130 in LibYAM...

SUSE-SU-2015:0699-1 Security update for python-PyYAML

python-PyYAML was updated to fix one security issue which could have allowed an attacker to cause a denial of service by supplying specially crafted strings. CVE-2014-9130, bsc921588 Security Issues: CVE-2014-9130...