Launchpad.net

CVE 2014-9130

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

Related bugs and status

CVE-2014-9130 (Candidate) is related to these bugs:

Bug #1400736: CVE-2014-9130 libyaml: denial-of-service/application crash with untrusted yaml input

Summary				In	Importance	Status
	1400736	CVE-2014-9130 libyaml: denial-of-service/application crash with untrusted yaml input		libyaml (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2014112...
MLIST: [oss-security] 2014112...
MLIST: [oss-security] 2014112...
MISC: https://bitbucket.org/...
CONFIRM: https://bitbucket.org/...
BID: 71349
SECUNIA: 59947
SECUNIA: 60944
CONFIRM: http://linux.oracle.co...
SECUNIA: 62705
SECUNIA: 62723
SECUNIA: 62774
DEBIAN: DSA-3102
DEBIAN: DSA-3103
DEBIAN: DSA-3115
REDHAT: RHSA-2015:0100
REDHAT: RHSA-2015:0112
UBUNTU: USN-2461-1
UBUNTU: USN-2461-2
UBUNTU: USN-2461-3
REDHAT: RHSA-2015:0260
SUSE: openSUSE-SU-2015:0319
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2014:242
MANDRIVA: MDVSA-2015:060
SUSE: openSUSE-SU-2016:1067
SECUNIA: 62164
SECUNIA: 62174
SECUNIA: 62176
XF: libyaml-cve20149130-do...
CONFIRM: https://puppet.com/sec...