MGASA-2020-0275 - Updated perl-YAML packages fix security vulnerability Publication date: 05 Jul 2020 URL: https://advisories.mageia.org/MGASA-2020-0275.html Type: security Affected Mageia releases: 7 Updated perl-YAML package fixes security vulnerability: This update enforces that $LoadCode must be enabled to use the feature of evaluating typeglobs, because with the typeglob feature you would be able to set the variable $YAML::LoadCode from a YAML file, and that would be a security issue. The perl-YAML package has been updated to version 1.30, fixing this issue and other bugs. References: - https://bugs.mageia.org/show_bug.cgi?id=25900 - https://metacpan.org/changes/distribution/YAML - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MKJQXJGMWYVDZSQFDB4EJ2WNJ6RU65J4/ SRPMS: - 7/core/perl-YAML-1.300.0-1.mga7
Mageia 2020-0275: perl-YAML security update
Updated perl-YAML package fixes security vulnerability: This update enforces that $LoadCode must be enabled to use the feature of evaluating typeglobs, because with the typeglob f...
Summary
References
- https://bugs.mageia.org/show_bug.cgi?id=25900
- https://metacpan.org/changes/distribution/YAML
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MKJQXJGMWYVDZSQFDB4EJ2WNJ6RU65J4/
Resolution
MGASA-2020-0275 - Updated perl-YAML packages fix security vulnerability
SRPMS
- 7/core/perl-YAML-1.300.0-1.mga7
Severity
Publication date: 05 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0275.html
Type: security
News
HOWTOs
About Us
Powered By
