- Detalji os-a: LUB
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-2098-2
February 13, 2014
libyaml regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
Summary:
USN-2098-1 introduced a regression in LibYAML.
Software Description:
– libyaml: Fast YAML 1.1 parser and emitter library
Details:
USN-2098-1 fixed a vulnerability in LibYAML. The security fix used
introduced a regression that caused parsing failures for certain valid YAML
files. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Florian Weimer discovered that LibYAML incorrectly handled certain large
yaml documents. An attacker could use this issue to cause LibYAML to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
libyaml-0-2 0.1.4-2ubuntu0.13.10.2
Ubuntu 12.10:
libyaml-0-2 0.1.4-2ubuntu0.12.10.2
Ubuntu 12.04 LTS:
libyaml-0-2 0.1.4-2ubuntu0.12.04.2
After a standard system update you need to restart applications using
LibYAML to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2098-2
http://www.ubuntu.com/usn/usn-2098-1
https://launchpad.net/bugs/1279805
Package Information:
https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.13.10.2
https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.12.10.2
https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.12.04.2
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJS/PRwAAoJEGVp2FWnRL6TW3wP/1FzEcWDag0NSqXTqpgpj+Og
z8+VSJjYu4qstb0EH2fHJksy4y5MYrKXO3bbGXOf2J1XHUlhwbpV3rUt743XJjHW
RDdRW+/ZdskrZPhQuLSg2x8H481Ui0Z7THYp9GCfoXsGv97RYy3l+Npi9bhIMnwq
5uVU3hDaBaCgfUXDgPp1oRHP4LJBKd1Up5nMzYGU6P2EmqL/VeglvkdeI+Iwc8Zy
fAYxwixvl60+Fhl5hlZdqXku9TaZB/n/IyW3iv5U2lwruvGsRj587FuFwNou0stH
HoxArrQbHDx6tYB+i3+BL1QsD2QPsec8AvbvmVmBsHRVPqfRcwyOr3hAeuuFhUvT
XFEOYUtsUfkYBLeqyAKX1xCZp5FOpvSSA/sFH4H3ZfYDkGBxY3nJLHYHFUYDhJgp
x2I8bndfsvE+PU+dhFXboAr9qCuAIUX3d+bIX6KnDo3dVVdCZV2la4YLv+h0tj/P
uDuiMwjvjKm9zXPDZTveKk7NYvfGzdWerAp/7UitzEQuFPEiW8fy4FI9qRLsLUbK
3CfxOGpbHGP+s3eLVD8rsgJ3eb0IziWBBoazDI9FlZo6PrR/nxBZ3az3wYMs/r9L
khbALnxJHxIZGbh6tjQkROX/uwst3sWebWc0CRDVVAgver0avFIWlPWXfswW/tQX
HC72QwPE4C5GTa6lNogJ
=AUu4
—–END PGP SIGNATURE—–
—
| Autor | Tomislav Protega |
| Cert id | NCERT-REF-2014-02-0027-ADV |
| ID izvornika | USN-2098-2 USN-2098-1 |
| Proizvod | libyaml |
| Izvor | http://www.ubuntu.com |
