SUSE-SU-2022:1072-1

Опубликовано: 01 апр. 2022

Источник: suse-cvrf

Описание

Security update for yaml-cpp

This update for yaml-cpp fixes the following issues:

CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).
CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).
CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).

Список пакетов

SUSE Linux Enterprise Workstation Extension 12 SP5

libyaml-cpp0_5-0.5.3-3.6.3

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20221072-1/
Link for SUSE-SU-2022:1072-1
https://lists.suse.com/pipermail/sle-security-updates/2022-April/010617.html
E-Mail link for SUSE-SU-2022:1072-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1121227
SUSE Bug 1121227
https://bugzilla.suse.com/1121230
SUSE Bug 1121230
https://bugzilla.suse.com/1122004
SUSE Bug 1122004
https://bugzilla.suse.com/1122021
SUSE Bug 1122021
https://www.suse.com/security/cve/CVE-2018-20573/
SUSE CVE CVE-2018-20573 page
https://www.suse.com/security/cve/CVE-2018-20574/
SUSE CVE CVE-2018-20574 page
https://www.suse.com/security/cve/CVE-2019-6285/
SUSE CVE CVE-2019-6285 page
https://www.suse.com/security/cve/CVE-2019-6292/
SUSE CVE CVE-2019-6292 page

Описание

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Затронутые продукты

SUSE Linux Enterprise Workstation Extension 12 SP5:libyaml-cpp0_5-0.5.3-3.6.3

Ссылки

https://www.suse.com/security/cve/CVE-2018-20573.html
CVE-2018-20573
https://bugzilla.suse.com/1121227
SUSE Bug 1121227

Описание

The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Затронутые продукты

SUSE Linux Enterprise Workstation Extension 12 SP5:libyaml-cpp0_5-0.5.3-3.6.3

Ссылки

https://www.suse.com/security/cve/CVE-2018-20574.html
CVE-2018-20574
https://bugzilla.suse.com/1121230
SUSE Bug 1121230

Описание

The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Затронутые продукты

SUSE Linux Enterprise Workstation Extension 12 SP5:libyaml-cpp0_5-0.5.3-3.6.3

Ссылки

https://www.suse.com/security/cve/CVE-2019-6285.html
CVE-2019-6285
https://bugzilla.suse.com/1122004
SUSE Bug 1122004
https://bugzilla.suse.com/1122021
SUSE Bug 1122021
https://bugzilla.suse.com/1129245
SUSE Bug 1129245

Описание

An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.

Затронутые продукты

SUSE Linux Enterprise Workstation Extension 12 SP5:libyaml-cpp0_5-0.5.3-3.6.3

Ссылки

https://www.suse.com/security/cve/CVE-2019-6292.html
CVE-2019-6292
https://bugzilla.suse.com/1122021
SUSE Bug 1122021

SUSE-SU-2022:1072-1

Описание

Список пакетов

SUSE Linux Enterprise Workstation Extension 12 SP5

Ссылки

Уязвимость: CVE-2018-20573

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-20574

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-6285

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-6292

Описание

Затронутые продукты

Ссылки