You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa perl-YAML-LibYAML

Sigurnosni nedostatak programskog paketa perl-YAML-LibYAML

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2014-12-03 05:42:05

Name : perl-YAML-LibYAML
Product : Fedora 21
Version : 0.54
Release : 1.fc21
Summary : Perl YAML Serialization using XS and libyaml
Description :
Kirill Siminov’s “libyaml” is arguably the best YAML implementation. The C
library is written precisely to the YAML 1.1 specification. It was originally
bound to Python and was later bound to Ruby.

Update Information:

An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.

* Sun Nov 30 2014 Paul Howarth <> – 0.54-1
– Update to 0.54
– Fix for an edge case in scanner that results in an assert() failing
– Drop upstreamed patches for CVE-2013-6393 and CVE-2014-2525
* Tue Nov 18 2014 Jitka Plesnikova <> – 0.52-3
– Update BRs (bz#1165198)
* Wed Aug 27 2014 Jitka Plesnikova <> – 0.52-2
– Perl 5.20 rebuild

[ 1 ] Bug #1169369 – CVE-2014-9130 libyaml: assert failure when processing wrapped strings

This update can be installed with the “yum” update program. Use
su -c ‘yum update perl-YAML-LibYAML’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorMarijo Plepelic
Cert idNCERT-REF-2014-12-0035-ADV
More in Preporuke
Sigurnosni nedostatak programskog paketa openvpn

Otkriven je sigurnosni nedostatak u programskom paketu openvpn za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje napada uskraćivanja...