Mandriva Linux Security Advisory : yaml (MDVSA-2014:242)

medium Nessus Plugin ID 79987

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated yaml and perl-YAML-LibYAML packages fix security vulnerability :

An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash (CVE-2014-9130).

The perl-YAML-LibYAML package is also affected, as it was derived from the same code. Both have been patched to fix this issue.

Solution

Update the affected lib64yaml-devel, lib64yaml0_2 and / or perl-YAML-LibYAML packages.

See Also

http://advisories.mageia.org/MGASA-2014-0508.html

Plugin Details

Severity: Medium

ID: 79987

File Name: mandriva_MDVSA-2014-242.nasl

Version: 1.6

Type: local

Published: 12/15/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64yaml-devel, p-cpe:/a:mandriva:linux:lib64yaml0_2, p-cpe:/a:mandriva:linux:perl-yaml-libyaml, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/14/2014

Reference Information

CVE: CVE-2014-9130

BID: 71349

MDVSA: 2014:242