| Summary: | <dev-libs/libyaml-0.1.5 : buffer overflow (CVE-2013-6393) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | radhermit |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2014/01/31/1 | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-01-31 19:51:59 UTC
Arches go ahead.

Stable for HPPA.

CVE-2013-6393 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6393): The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

ia64 stable

amd64 stable

x86 stable

ppc stable

ppc64 stable

sparc stable

alpha stable

arm stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

glsa request filed.

+ 27 Feb 2014; Sergey Popov <pinkbyte@gentoo.org> -libyaml-0.1.4.ebuild: + Security cleanup, wrt bug #499920

This issue was resolved and addressed in GLSA 201403-02 at http://security.gentoo.org/glsa/glsa-201403-02.xml by GLSA coordinator Mikle Kolyada (Zlogene).