[Bug 1169369] New: CVE-2014-9130 libyaml: assert failure when processing wrapped strings

bugzilla Mon, 01 Dec 2014 05:21:28 -0800

https://bugzilla.redhat.com/show_bug.cgi?id=1169369


            Bug ID: 1169369
           Summary: CVE-2014-9130 libyaml: assert failure when processing
                    wrapped strings
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-t...@redhat.com
          Reporter: mpr...@redhat.com
                CC: aba...@redhat.com, aort...@redhat.com,
                    apatt...@redhat.com, ape...@redhat.com,
                    ayo...@redhat.com, b...@redhat.com,
                    bkear...@redhat.com, blean...@redhat.com,
                    cbill...@redhat.com, ccole...@redhat.com,
                    chr...@redhat.com, cpell...@redhat.com,
                    cpe...@redhat.com, dajoh...@redhat.com,
                    dal...@redhat.com, dclar...@redhat.com,
                    dmcph...@redhat.com, esamm...@redhat.com,
                    gkot...@redhat.com, gmccu...@redhat.com,
                    ibove...@redhat.com, jdeti...@redhat.com,
                    jecke...@redhat.com, jha...@redhat.com,
                    jia...@redhat.com, jk...@redhat.com,
                    jmatt...@redhat.com, joelsm...@redhat.com,
                    joker...@redhat.com, jor...@redhat.com,
                    jples...@redhat.com, jpra...@redhat.com,
                    jrafa...@redhat.com, jr...@redhat.com,
                    jvl...@redhat.com, katello-b...@redhat.com,
                    kseifr...@redhat.com, l...@redhat.com,
                    lme...@redhat.com, lp...@redhat.com,
                    mar...@redhat.com, m...@redhat.com, mbu...@redhat.com,
                    mcres...@redhat.com, mmasl...@redhat.com,
                    mmcco...@redhat.com, mmcc...@redhat.com,
                    mmcgr...@redhat.com, mmr...@redhat.com,
                    mrg-program-l...@redhat.com, obare...@redhat.com,
                    p...@city-fan.org, perl-devel@lists.fedoraproject.org,
                    pmy...@redhat.com, rbry...@redhat.com,
                    rhos-ma...@redhat.com, scle...@redhat.com,
                    t...@redhat.com, t...@redhat.com, tomc...@redhat.com,
                    trem...@tremble.org.uk, tsand...@redhat.com,
                    willi...@redhat.com, xleca...@redhat.com,
                    yey...@redhat.com



An assertion failure was found in the way the libyaml library parsed wrapped
strings. An attacker able to load specially crafted YAML input into an
application using libyaml could cause the application to crash.

This issue was reported upstream at [1]; a patch that fixes this issue is
available at [2].

[1]
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
[2]
https://github.com/yaml/libyaml/commit/e6aa721cc0e5a48f408c52355559fd36780ba32a

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug 
https://bugzilla.redhat.com/token.cgi?t=qABK91j78H&a=cc_unsubscribe
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/perl-devel

[Bug 1169369] New: CVE-2014-9130 libyaml: assert failure when processing wrapped strings

Reply via email to