Mandriva Linux Security Advisory : yaml (MDVSA-2014:242)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated yaml and perl-YAML-LibYAML packages fix security
vulnerability :

An assertion failure was found in the way the libyaml library parsed
wrapped strings. An attacker able to load specially crafted YAML input
into an application using libyaml could cause the application to crash
(CVE-2014-9130).

The perl-YAML-LibYAML package is also affected, as it was derived from
the same code. Both have been patched to fix this issue.

See also :

http://advisories.mageia.org/MGASA-2014-0508.html

Solution :

Update the affected lib64yaml-devel, lib64yaml0_2 and / or
perl-YAML-LibYAML packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 79987 ()

Bugtraq ID: 71349

CVE ID: CVE-2014-9130

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now