Scientific Linux: SLSA-2015:0100-1 Moderate: libyaml Application Crash

Date: Wed, 28 Jan 2015 18:32:51 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: libyaml on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: libyaml security update
Advisory ID: SLSA-2015:0100-1
Issue Date: 2015-01-28
CVE Numbers: CVE-2014-9130
--

An assertion failure was found in the way the libyaml library parsed
wrapped strings. An attacker able to load specially crafted YAML input
into an application using libyaml could cause the application to crash.
(CVE-2014-9130)

All running applications linked against the libyaml library must be
restarted for this update to take effect.
--

SL6
 x86_64
 libyaml-0.1.3-4.el6_6.i686.rpm
 libyaml-0.1.3-4.el6_6.x86_64.rpm
 libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm
 libyaml-debuginfo-0.1.3-4.el6_6.x86_64.rpm
 libyaml-devel-0.1.3-4.el6_6.i686.rpm
 libyaml-devel-0.1.3-4.el6_6.x86_64.rpm
 i386
 libyaml-0.1.3-4.el6_6.i686.rpm
 libyaml-debuginfo-0.1.3-4.el6_6.i686.rpm
 libyaml-devel-0.1.3-4.el6_6.i686.rpm
SL7
 x86_64
 libyaml-0.1.4-11.el7_0.i686.rpm
 libyaml-0.1.4-11.el7_0.x86_64.rpm
 libyaml-debuginfo-0.1.4-11.el7_0.i686.rpm
 libyaml-debuginfo-0.1.4-11.el7_0.x86_64.rpm
 libyaml-devel-0.1.4-11.el7_0.i686.rpm
 libyaml-devel-0.1.4-11.el7_0.x86_64.rpm

- Scientific Linux Development Team