Mandriva Linux Security Advisory : yaml (MDVSA-2014:242)

Medium Nessus Plugin ID 79987


The remote Mandriva Linux host is missing one or more security updates.


Updated yaml and perl-YAML-LibYAML packages fix security vulnerability :

An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash (CVE-2014-9130).

The perl-YAML-LibYAML package is also affected, as it was derived from the same code. Both have been patched to fix this issue.


Update the affected lib64yaml-devel, lib64yaml0_2 and / or perl-YAML-LibYAML packages.

See Also

Plugin Details

Severity: Medium

ID: 79987

File Name: mandriva_MDVSA-2014-242.nasl

Version: $Revision: 1.2 $

Type: local

Published: 2014/12/15

Modified: 2014/12/16

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:ND

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64yaml-devel, p-cpe:/a:mandriva:linux:lib64yaml0_2, p-cpe:/a:mandriva:linux:perl-YAML-LibYAML, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/12/14

Reference Information

CVE: CVE-2014-9130

BID: 71349

MDVSA: 2014:242