You are here
Home > Preporuke > Ispravak sigurnosne zakrpe za libyaml

Ispravak sigurnosne zakrpe za libyaml

==========================================================================
Ubuntu Security Notice USN-2098-2
February 13, 2014

libyaml regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS

Summary:

USN-2098-1 introduced a regression in LibYAML.

Software Description:
– libyaml: Fast YAML 1.1 parser and emitter library

Details:

USN-2098-1 fixed a vulnerability in LibYAML. The security fix used
introduced a regression that caused parsing failures for certain valid YAML
files. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Florian Weimer discovered that LibYAML incorrectly handled certain large
yaml documents. An attacker could use this issue to cause LibYAML to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libyaml-0-2 0.1.4-2ubuntu0.13.10.2

Ubuntu 12.10:
libyaml-0-2 0.1.4-2ubuntu0.12.10.2

Ubuntu 12.04 LTS:
libyaml-0-2 0.1.4-2ubuntu0.12.04.2

After a standard system update you need to restart applications using
LibYAML to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2098-2
http://www.ubuntu.com/usn/usn-2098-1
https://launchpad.net/bugs/1279805

Package Information:
https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.13.10.2
https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.12.10.2
https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.12.04.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJS/PRwAAoJEGVp2FWnRL6TW3wP/1FzEcWDag0NSqXTqpgpj+Og
z8+VSJjYu4qstb0EH2fHJksy4y5MYrKXO3bbGXOf2J1XHUlhwbpV3rUt743XJjHW
RDdRW+/ZdskrZPhQuLSg2x8H481Ui0Z7THYp9GCfoXsGv97RYy3l+Npi9bhIMnwq
5uVU3hDaBaCgfUXDgPp1oRHP4LJBKd1Up5nMzYGU6P2EmqL/VeglvkdeI+Iwc8Zy
fAYxwixvl60+Fhl5hlZdqXku9TaZB/n/IyW3iv5U2lwruvGsRj587FuFwNou0stH
HoxArrQbHDx6tYB+i3+BL1QsD2QPsec8AvbvmVmBsHRVPqfRcwyOr3hAeuuFhUvT
XFEOYUtsUfkYBLeqyAKX1xCZp5FOpvSSA/sFH4H3ZfYDkGBxY3nJLHYHFUYDhJgp
x2I8bndfsvE+PU+dhFXboAr9qCuAIUX3d+bIX6KnDo3dVVdCZV2la4YLv+h0tj/P
uDuiMwjvjKm9zXPDZTveKk7NYvfGzdWerAp/7UitzEQuFPEiW8fy4FI9qRLsLUbK
3CfxOGpbHGP+s3eLVD8rsgJ3eb0IziWBBoazDI9FlZo6PrR/nxBZ3az3wYMs/r9L
khbALnxJHxIZGbh6tjQkROX/uwst3sWebWc0CRDVVAgver0avFIWlPWXfswW/tQX
HC72QwPE4C5GTa6lNogJ
=AUu4
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni propust programskog paketa php

Otkriven je sigurnosni propust u programskom paketu php za operacijski sustav Mandriva. Otkriveni propust potencijalnim napadačima omogućuje otkrivanje informacija. Svim...

Close