Home Feedly IFTTT USN-2098-2: LibYAML regression

USN-2098-2: LibYAML regression

By
Thursday, February 13, 2014
Read
Add Comment

Ubuntu Security Notice USN-2098-2


13th February, 2014


libyaml regression


A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 13.10

  • Ubuntu 12.10

  • Ubuntu 12.04 LTS


Summary


USN-2098-1 introduced a regression in LibYAML.


Software description



  • libyaml - Fast YAML 1.1 parser and emitter library


Details


USN-2098-1 fixed a vulnerability in LibYAML. The security fix used

introduced a regression that caused parsing failures for certain valid YAML

files. This update fixes the problem.


We apologize for the inconvenience.


Original advisory details:


Florian Weimer discovered that LibYAML incorrectly handled certain large

yaml documents. An attacker could use this issue to cause LibYAML to crash,

resulting in a denial of service, or possibly execute arbitrary code.


Update instructions


The problem can be corrected by updating your system to the following package version:



Ubuntu 13.10:

libyaml-0-2 0.1.4-2ubuntu0.13.10.2

Ubuntu 12.10:

libyaml-0-2 0.1.4-2ubuntu0.12.10.2

Ubuntu 12.04 LTS:

libyaml-0-2 0.1.4-2ubuntu0.12.04.2


To update your system, please follow these instructions: http://bit.ly/1aJDvTw.


After a standard system update you need to restart applications using

LibYAML to make all the necessary changes.


References


LP: 1279805






via Ubuntu Security Notices http://bit.ly/1lJLdmZ
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us