[SECURITY] [DSA 2870-1] libyaml-libyaml-perl security update

2014-03-0812:52:12

lists.debian.org

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.2%

JSON

Debian Security Advisory DSA-2870-1 [email protected]
http://www.debian.org/security/ Salvatore Bonaccorso
March 08, 2014 http://www.debian.org/security/faq

Package : libyaml-libyaml-perl
Vulnerability : heap-based buffer overflow
CVE ID : CVE-2013-6393

Florian Weimer of the Red Hat Product Security Team discovered a
heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and
emitter library. A remote attacker could provide a YAML document with a
specially-crafted tag that, when parsed by an application using libyaml,
would cause the application to crash or, potentially, execute arbitrary
code with the privileges of the user running the application.

This update corrects this flaw in the copy that is embedded in the
libyaml-libyaml-perl package.

For the oldstable distribution (squeeze), this problem has been fixed in
version 0.33-1+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in
version 0.38-3+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 0.41-4.

For the unstable distribution (sid), this problem has been fixed in
version 0.41-4.

We recommend that you upgrade your libyaml-libyaml-perl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6mipsellibyaml-0-2< 0.1.3-1+deb6u2libyaml-0-2_0.1.3-1+deb6u2_mipsel.deb
Debian7ia64libyaml-dev< 0.1.4-2+deb7u2libyaml-dev_0.1.4-2+deb7u2_ia64.deb
Debian7amd64libyaml-0-2-dbg< 0.1.4-2+deb7u2libyaml-0-2-dbg_0.1.4-2+deb7u2_amd64.deb
Debian7i386libyaml-0-2< 0.1.4-2+deb7u2libyaml-0-2_0.1.4-2+deb7u2_i386.deb
Debian7mipslibyaml-0-2< 0.1.4-2+deb7u2libyaml-0-2_0.1.4-2+deb7u2_mips.deb
Debian6amd64libyaml-0-2< 0.1.3-1+deb6u2libyaml-0-2_0.1.3-1+deb6u2_amd64.deb
Debian7kfreebsd-i386libyaml-0-2-dbg< 0.1.4-2+deb7u2libyaml-0-2-dbg_0.1.4-2+deb7u2_kfreebsd-i386.deb
Debian6mipslibyaml-libyaml-perl< 0.33-1+squeeze2libyaml-libyaml-perl_0.33-1+squeeze2_mips.deb
Debian6i386libyaml-dev< 0.1.3-1+deb6u2libyaml-dev_0.1.3-1+deb6u2_i386.deb
Debian6kfreebsd-i386libyaml-libyaml-perl< 0.33-1+squeeze2libyaml-libyaml-perl_0.33-1+squeeze2_kfreebsd-i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	mipsel	libyaml-0-2	< 0.1.3-1+deb6u2	libyaml-0-2_0.1.3-1+deb6u2_mipsel.deb
Debian	7	ia64	libyaml-dev	< 0.1.4-2+deb7u2	libyaml-dev_0.1.4-2+deb7u2_ia64.deb
Debian	7	amd64	libyaml-0-2-dbg	< 0.1.4-2+deb7u2	libyaml-0-2-dbg_0.1.4-2+deb7u2_amd64.deb
Debian	7	i386	libyaml-0-2	< 0.1.4-2+deb7u2	libyaml-0-2_0.1.4-2+deb7u2_i386.deb
Debian	7	mips	libyaml-0-2	< 0.1.4-2+deb7u2	libyaml-0-2_0.1.4-2+deb7u2_mips.deb
Debian	6	amd64	libyaml-0-2	< 0.1.3-1+deb6u2	libyaml-0-2_0.1.3-1+deb6u2_amd64.deb
Debian	7	kfreebsd-i386	libyaml-0-2-dbg	< 0.1.4-2+deb7u2	libyaml-0-2-dbg_0.1.4-2+deb7u2_kfreebsd-i386.deb
Debian	6	mips	libyaml-libyaml-perl	< 0.33-1+squeeze2	libyaml-libyaml-perl_0.33-1+squeeze2_mips.deb
Debian	6	i386	libyaml-dev	< 0.1.3-1+deb6u2	libyaml-dev_0.1.3-1+deb6u2_i386.deb
Debian	6	kfreebsd-i386	libyaml-libyaml-perl	< 0.33-1+squeeze2	libyaml-libyaml-perl_0.33-1+squeeze2_kfreebsd-i386.deb