From ${URL} : #2014-003 LibYAML input sanitization errors Description: The LibYAML project is an open source YAML 1.1 parser and emitter written in C. The library is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for the string passed to the yaml_parser_scan_uri_escapes() function. A specially crafted YAML file, with a long sequence of percent-encoded characters in a URL, can be used to trigger the overflow. Affected version: LibYAML <= 0.1.5 Fixed version: LibYAML >= 0.1.6 Credit: vulnerability report received from Ivan Fratric of the Google Security Team. CVE: CVE-2014-2525 Timeline: 2014-03-11: vulnerability report received 2014-03-14: maintainer provides patch for review 2014-03-17: reporter confirms patch 2014-03-17: disclosure coordinated on 2014-03-26 2014-03-18: contacted affected vendors 2014-03-18: assigned CVE 2014-03-26: LibYAML 0.1.6 released 2014-03-26: advisory release References: http://pyyaml.org/wiki/LibYAML https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048 Permalink: http://www.ocert.org/advisories/ocert-2014-003.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Arches, please stabilize libyaml-0.1.6.
Stable for HPPA.
amd64 stable
x86 stable
arm stable
CVE-2014-2525 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2525): Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
ppc stable
alpha stable
ppc64 stable
ia64 stable
sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Arches and Maintainer(s), Thank you for your work. Added to new GLSA Request
This issue was resolved and addressed in GLSA 201405-27 at http://security.gentoo.org/glsa/glsa-201405-27.xml by GLSA coordinator Sergey Popov (pinkbyte).