SB2015012904 - Input validation error in yaml (Alpine package)
Published: January 29, 2015
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2014-9130)
The vulnerability allows a remote unauthenticated attacker to cause a denial of service.
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=b4b9f27388f692e5981e2380a2530597d780e00a
- https://git.alpinelinux.org/aports/commit/?id=a853e3bc421a520fccd5b482e92f1584ab9b25af
- https://git.alpinelinux.org/aports/commit/?id=c26ee7ddc49f3aa15cd9e0ac6c85259d5c3f186e
- https://git.alpinelinux.org/aports/commit/?id=a1e7bc74cdeac8520b201eb810464e43ed7fcd91