Описание
Security update for python-PyYAML
python-PyYAML was updated to fix one security issue which could have allowed an attacker to cause a denial of service by supplying specially crafted strings
The following issue was fixed:
- #921588: python-PyYAML: assert failure when processing wrapped strings (equivalent to CVE-2014-9130 in LibYAML)
Список пакетов
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
python-PyYAML-3.10-15.1
SUSE Enterprise Storage 1.0
python-PyYAML-3.10-15.1
Ссылки
- Link for SUSE-SU-2015:0925-2
- E-Mail link for SUSE-SU-2015:0925-2
- SUSE Security Ratings
- SUSE Bug 921588
- SUSE CVE CVE-2014-9130 page
Описание
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
Затронутые продукты
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:python-PyYAML-3.10-15.1
SUSE Enterprise Storage 1.0:python-PyYAML-3.10-15.1
Ссылки
- CVE-2014-9130
- SUSE Bug 907809
- SUSE Bug 911782
- SUSE Bug 921588