Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:0925-1

Опубликовано: 12 мар. 2015
Источник: suse-cvrf

Описание

Security update for python-PyYAML

python-PyYAML was updated to fix one security issue which could have allowed an attacker to cause a denial of service by supplying specially crafted strings

The following issue was fixed:

  • #921588: python-PyYAML: assert failure when processing wrapped strings (equivalent to CVE-2014-9130 in LibYAML)

Список пакетов

SUSE Linux Enterprise High Availability Extension 12
python-PyYAML-3.10-15.1
SUSE Linux Enterprise Module for Public Cloud 12
python-PyYAML-3.10-15.1

Ссылки

Описание

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 12:python-PyYAML-3.10-15.1
SUSE Linux Enterprise Module for Public Cloud 12:python-PyYAML-3.10-15.1
Ссылки
Уязвимость SUSE-SU-2015:0925-1