Description
ELSA-2019-4360: libyang security update (IMPORTANT)
[0.16.105-3.2]
- Related: #1779573 - Fixing a few covscan issues
[0.16.105-3.1]
- Resolves: #1779573 - CVE-2019-19333 libyang: stack-based buffer overflow in make_canonical when bits leaf type is used
- Resolves: #1779576 - CVE-2019-19334 libyang: stack-based buffer overflow in make_canonical when identityref leaf type is used
Updated packages
Oracle Linux 8
- Oracle Linux aarch64: libyang 0.16.105-3.el8_1.2
- Oracle Linux x86_64: libyang 0.16.105-3.el8_1.2
Related CVEs
Related vulnerabilities
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.