-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2870-1 security@xxxxxxxxxx http://www.debian.org/security/ Salvatore Bonaccorso March 08, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libyaml-libyaml-perl Vulnerability : heap-based buffer overflow CVE ID : CVE-2013-6393 Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. This update corrects this flaw in the copy that is embedded in the libyaml-libyaml-perl package. For the oldstable distribution (squeeze), this problem has been fixed in version 0.33-1+squeeze2. For the stable distribution (wheezy), this problem has been fixed in version 0.38-3+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 0.41-4. For the unstable distribution (sid), this problem has been fixed in version 0.41-4. We recommend that you upgrade your libyaml-libyaml-perl packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJTGxHlAAoJEAVMuPMTQ89EbtQQAKD9QG9kNJTuFl0P777wSyAR gQzzFjOGPP+p9Q3OWewXK2Xfk6fb6eBRk2vI3TZ63XD3KPPebhfMvRGHILp1jscI hab6pHbp2Bs6PcX+ahEUfVhnv+7J+RxNEjjl5RWMIznUCM6G5tX4xjAbaKTnAUSZ cbGHc3agtNXxQLGdW1eLedIZjWqVtkPQ3q7UbGl8dXbP8s1XWc0N+LJZDskFYfUT /99qX122gFOpNPI9YGuosa+I5J0LWCJz/+qN00wx5K5uipsV52wgR4Kq+xMLV545 A1sPTpNiNkOrIvXQiWLP6JrLV39gb0G09dBCn6veCmhiagBvkSY5A8/wWphiG9k1 OKpwqYp1rFxWEpCgImU3TqiZutIM/yKopJPa+Lz4ZAb6yI62411hati7f6gqdYk1 GU3cJsPMQQ4Xz7Uj0po2gZ76UNo5skYsdOdunQv3foWDVoRNkHB1BbTsrQFBUD3u zbih3vhLmK01lvgNYDTyhJodtCfRJumMn6o0zaWBEYOVpD7GzwABxECyDwSe626D bs8QXWPuK5DaJ/XkntmswRkeJ3NBsGVwaZUszmTPCLLX/XEPDQls1yuYnPCUvo/4 +hNTlkEwpzW1x1G1Kpd7m2j7KsS6xpAgnt90B0RHPrTtS63xEGIgk3Z5301yxzcE OjzJ2ZxxdRIEU6fMgC0W =fvig -----END PGP SIGNATURE-----
