You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa libyaml

Sigurnosni nedostatak programskog paketa libyaml

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2461-1
January 12, 2015

libyaml vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

Applications using LibYAML could be made to crash if they received
specially crafted input.

Software Description:
– libyaml: Fast YAML 1.1 parser and emitter library

Details:

Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not
properly handle wrapped strings. An attacker could create specially
crafted YAML data to trigger an assert, causing a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
libyaml-0-2 0.1.6-1ubuntu0.1

Ubuntu 14.04 LTS:
libyaml-0-2 0.1.4-3ubuntu3.1

Ubuntu 12.04 LTS:
libyaml-0-2 0.1.4-2ubuntu0.12.04.4

After a standard system update you need to restart applications using
LibYAML to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2461-1
CVE-2014-9130

Package Information:
https://launchpad.net/ubuntu/+source/libyaml/0.1.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libyaml/0.1.4-3ubuntu3.1
https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.12.04.4

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUtEpIAAoJEC8Jno0AXoH0tdkQALSatZE9HZNd7Cxb8heGXhhG
mOOLkMAbyytBY/tVH7yGhEupDv34EsSTHbiU3aANkJ8js18Z52UWNcBfs9Wns8hN
D+naQlQR+h0LKmGZEv1yZop8i/MUqhK9nImpg1Avm7vbhdPz7b2DLsJkuCSZbvPq
e1Mot7RR3iQzINnzi9Vlu3eq+QupRhf1jk1c8X5PvCw95k95E44mJmMUiOSJn3rw
tvpriblWO1E81qrc6ctLppYB/STbWQo2Zkl4cXK/dsiJMTY8fYPa5/e76w375qB2
wFR9a5xJlP/Psn0FZKNUJogTvtSLSc1gOiWJTcfx1ovmFgDnRu7ZpCzx006Y0D8o
JlYtR9MThw2RoybkJqEykYv+7p6NEq4hdM6h/DZpcpZQGZj2mURj1NGKakAOZOaM
GVTnkbeQ/e3MUDjVaMfRbP2iVxqK7i5Un3iAp/4Uy7sdhmG7FHS4Borw4Amu5NpK
2gQBU1sdDf/pnXLQ5u7VWp2B4c3Uyj6nJ/TI7FGKbUGMW2b96VKsmxgSjfqFjePf
DPEbXthAq7dsYN13GCS0kNUuGMVydv2ZaJ0mWnSZ5u+mwG2meWp4DodOzzrUF2Hm
G38NWeGv32hxlJxbut6j2FWtV5qbs6LgMYLlfidbkpmUkgBxEma293GYxlPRDnQB
Qc4D5DBkycRWTT2sYj9E
=HBJe
—–END PGP SIGNATURE—–

AutorMarko Stanec
Cert idNCERT-REF-2015-01-0026-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa pyyaml

Otkriven je sigurnosni nedostatak u programskom paketu pyyaml za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje napada uskraćivanja...

Close