CVE-2014-9130
Published: 8 December 2014
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
Notes
| Author | Note |
|---|---|
| seth-arnold | pyyaml may receive its own CVE |
| mdeslaur | perl PoC: http://www.openwall.com/lists/oss-security/2014/11/28/6 |
| sbeattie | ruby1.9+ uses libyaml-0-2, so it's fixed when libyaml is fixed |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libyaml Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Released
(0.1.4-2ubuntu0.12.04.4)
|
|
| trusty |
Released
(0.1.4-3ubuntu3.1)
|
|
| upstream |
Released
(0.1.6-3)
|
|
| utopic |
Released
(0.1.6-1ubuntu0.1)
|
|
|
Patches: upstream: https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2 |
||
|
libyaml-libyaml-perl Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Released
(0.38-2ubuntu0.2)
|
|
| trusty |
Released
(0.41-5ubuntu0.14.04.1)
|
|
| upstream |
Released
(0.41-6)
|
|
| utopic |
Released
(0.41-5ubuntu0.14.10.1)
|
|
|
pyyaml Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Released
(3.10-2ubuntu0.1)
|
|
| trusty |
Released
(3.10-4ubuntu0.1)
|
|
| upstream |
Needed
|
|
| utopic |
Released
(3.11-1ubuntu0.1)
|
|
|
Patches: upstream: https://bitbucket.org/xi/pyyaml/commits/ddf211a41bb231c365fece5599b7e484e6dc33fc |
||