CVE-2014-9130 libyaml: denial-of-service/application crash with untrusted yaml input

Bug #1400736 reported by Hannes
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
libyaml (Ubuntu) | Fix Released | Medium | Unassigned |

Bug Description

There is a new CVE for libyaml: https://security-tracker.debian.org/tracker/CVE-2014-9130
And a patch is already in the repository: https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2

The code in question is present at least in versions 0.1.3 to 0.1.6, so all LTS versions are likely affected.

Hannes (hannes-georg-0)
information type: Private Security → Public
information type: Public → Public Security
Changed in libyaml (Ubuntu):
status: New → Confirmed
Steve Beattie (sbeattie) wrote:

This was addressed in http://www.ubuntu.com/usn/usn-2461-1/ , thanks.

Changed in libyaml (Ubuntu):
status: Confirmed → Fix Released
Mathew Hodson (mhodson)
Changed in libyaml (Ubuntu):
importance: Undecided → Medium