-------------------------------------------------------------------------Debian LTS Advisory DLA-3479-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez July 05, 2023 https://wiki.debian.org/LTS -------------------------------------------------------------------------Package : golang-yaml.v2 Version : 2.2.2-1+deb10u1 CVE ID : CVE-2021-4235 CVE-2022-3064 Two denial of service vulnerabilities have been discovered in golang-yaml.v2, a library which provides YAML support for the Go language. CVE-2021-4235 Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector. CVE-2022-3064 Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. Thanks to Scarlett Moore for working on preparing this update. For Debian 10 buster, these problems have been fixed in version 2.2.2-1+deb10u1. We recommend that you upgrade your golang-yaml.v2 packages. For the detailed security status of golang-yaml.v2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/golang-yaml.v2 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Debian LTS: DLA-3479-1: golang-yaml.v2 security update
July 5, 2023
Two denial of service vulnerabilities have been discovered in golang-yaml.v2, a library which provides YAML support for the Go language
Summary
Severity
-------------------------------------------------------------------------Package : golang-yaml.v2
Version : 2.2.2-1+deb10u1
CVE ID : CVE-2021-4235 CVE-2022-3064
News
HOWTOs
Features
About Us
Powered By
