Hi Scott,

On Thu, Dec 11, 2014 at 07:09:11AM -0500, Scott Kitterman wrote:
> On December 11, 2014 6:37:51 AM EST, Moritz Muehlenhoff <[email protected]> wrote:
> >Package: pyyaml
> >Severity: grave
> >Tags: security
> >
> >Hi,
> >CVE-2014-9130 from libyaml also affects pyyaml. I'm attaching a short
> >reproducer.
>
> I'm away from any computer I could test this on today.
>
> Is this still a problem with a fixed libyaml? Our pyyaml is built
> against it and I thought it didn't use the internal parser.
It seems so, and there was some discussion on the oss-security list (also
about whether this should get a separate CVE for pyyaml) [0].

[0] http://www.openwall.com/lists/oss-security/2014/11/28/8

On up-to-date unstable the reproducer gives:

Traceback (most recent call last):
  File "CVE-2014-9130.py", line 5, in <module>
    foo = yaml.load(stream)
  File "/usr/lib/python2.7/dist-packages/yaml/__init__.py", line 71, in load
    return loader.get_single_data()
  File "/usr/lib/python2.7/dist-packages/yaml/constructor.py", line 37, in get_single_data
    node = self.get_single_node()
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 36, in get_single_node
    document = self.compose_document()
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 55, in compose_document
    node = self.compose_node(None, None)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 133, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 127, in compose_mapping_node
    while not self.check_event(MappingEndEvent):
  File "/usr/lib/python2.7/dist-packages/yaml/parser.py", line 98, in check_event
    self.current_event = self.state()
  File "/usr/lib/python2.7/dist-packages/yaml/parser.py", line 428, in parse_block_mapping_key
    if self.check_token(KeyToken):
  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 116, in check_token
    self.fetch_more_tokens()
  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 252, in fetch_more_tokens
    return self.fetch_plain()
  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 672, in fetch_plain
    self.save_possible_simple_key()
  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 302, in save_possible_simple_key
    assert self.allow_simple_key or not required
AssertionError

Regards,
Salvatore
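The traceback above answers Scott's question: the frames run through yaml/scanner.py, the pure-Python scanner, even though the package is built against libyaml. pyyaml's default Loader and SafeLoader are pure Python; the libyaml scanner is used only when CLoader or CSafeLoader is requested explicitly. The following is an added example, not code from the bug report or from the pyyaml project, showing how to check which backend a deployment actually uses and how to parse untrusted YAML so that a scanner AssertionError (which is not a yaml.YAMLError subclass) cannot crash the caller. The attributes yaml.__with_libyaml__ and yaml.CSafeLoader are real pyyaml names; the functions parser_backend, safe_parse and simulated_scanner_failure and all sample inputs are this example's own.

```python
"""Added example (not from the bug report or pyyaml): report which YAML
backend is in use and parse untrusted YAML without letting a scanner
AssertionError escape."""
import yaml


def parser_backend():
    """Describe the parser pyyaml will use.

    yaml.SafeLoader lives in yaml/loader.py and is pure Python even when
    the libyaml bindings are installed; CSafeLoader (yaml/cyaml.py) is
    the libyaml-backed class and must be passed explicitly."""
    has_libyaml = getattr(yaml, "__with_libyaml__", False)
    return {
        "libyaml_available": bool(has_libyaml),
        "safe_load_uses_pure_python": yaml.SafeLoader.__module__ == "yaml.loader",
        "c_safe_loader_present": getattr(yaml, "CSafeLoader", None) is not None,
    }


def safe_parse(text, loader=None):
    """Parse ``text`` with yaml.safe_load (or a caller-supplied loader).

    Returns (ok, value_or_message). AssertionError is handled on purpose:
    it is not a subclass of yaml.YAMLError, so a handler that only catches
    YAMLError would let the failure shown in the bug report
    (``assert self.allow_simple_key or not required``) propagate and
    take down whatever service called the parser."""
    load = loader or yaml.safe_load
    try:
        return True, load(text)
    except yaml.YAMLError as exc:
        return False, "malformed YAML: %s" % exc.__class__.__name__
    except AssertionError as exc:
        return False, "parser internal error: AssertionError(%s)" % exc


def simulated_scanner_failure(_text):
    """Stand-in loader (constructed for this example) that fails the way
    the pure-Python scanner did in the report; the real crafted input
    is deliberately not reproduced here."""
    raise AssertionError("allow_simple_key")


if __name__ == "__main__":
    print(parser_backend())
    # constructed inputs: one well-formed document, one unterminated flow mapping
    print(safe_parse("a: 1\nb: [x, y]"))
    print(safe_parse("{a: 1"))
    print(safe_parse("a: 1", loader=simulated_scanner_failure))
```

In a deployment, a `False` for `libyaml_available` or a `True` for `safe_load_uses_pure_python` tells you that a libyaml fix alone does not cover the code path your application exercises; pyyaml's own scanner needs the corresponding fix.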

