You are here
Home > Preporuke > Ranjivost programske biblioteke libyaml

Ranjivost programske biblioteke libyaml

==========================================================================
Ubuntu Security Notice USN-2098-1
February 04, 2014

libyaml vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS

Summary:

LibYAML could be made to crash or run programs if it opened specially
crafted yaml document.

Software Description:
– libyaml: Fast YAML 1.1 parser and emitter library

Details:

Florian Weimer discovered that LibYAML incorrectly handled certain large
yaml documents. An attacker could use this issue to cause LibYAML to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libyaml-0-2 0.1.4-2ubuntu0.13.10.1

Ubuntu 12.10:
libyaml-0-2 0.1.4-2ubuntu0.12.10.1

Ubuntu 12.04 LTS:
libyaml-0-2 0.1.4-2ubuntu0.12.04.1

After a standard system update you need to restart applications using
LibYAML to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2098-1
CVE-2013-6393

Package Information:
https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.13.10.1
https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.12.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJS8URVAAoJEGVp2FWnRL6TWaUP/0ClQwyVcgcBLFMM7mBx1d2W
hbRObOZrPa2fDGVAx6hm7+Z8Qt13onlx2SX13pDtFXqjRvbPXSSNPbf4HaxHkLyX
6RMyDrJAxOS/0r1MQjGgEH9NOWX4eTQnOZkDuoNMFoPu+kqkooWGk1MH/bUygdCj
lv8gv288f9teydVioQK/HKZBVmV6+mEqRQ209sSOJh9w1/H5L/r6y+yD1vz38Bq8
BjL39t+FOdicD+iBuLKOtnkAm+C4F8REtOH98V3R9DRTe4amgf7BgG99afgGFZ4f
kT08nGtSGHAj9CKZtbt58GN0eCq3qG8oxkkFe5NLQNsLmncZmefLdlKhnkWwbtXB
XNTejvQeaNCpSNYZhLUvd+BUyNN0czlrWaCdqlvlvxdUN0XksxzGVI4bil+MvaZo
xNSl9yLKwmNVcYsnIDsJWApPGV7vPAkxEYXA5e1hhYlSMFdKuGHCI2F+ivQSjrDT
/XWseFF7qkzNdpdB0e0vyPXcQJw9cUuKRVIxBGwVCi+PjBxmUnM5Nb2tJxEU2hKA
Nfc2oPRdKbxpaQPH76bV5DdvN5dHdF2n169AS0XYJZ6fwvB4KyVlDV7aaFhsXp0B
qIddlWxcu0I9tz5AGPpr6Cly8ZGkgnvFxXAgRIECEDCwznllBumTfJTTM6MqFNpo
kH/gn32EeXd29MqSTcZl
=yrDJ
—–END PGP SIGNATURE—–

Top
More in Preporuke
Ranjivosti programskog paketa libwww-perl

Otklonjene su dvije ranjivosti kod programskog paketa libwww-perl za Gentoo. Prva ranjivost posjedica je neodbacivanja preuzetih datoteka čiji nazivi započinju...

Close