
Slackware 14.1 SSA:2014-111-01 Critical: Libyaml Heap Overflow

slackware
April 21, 2014
Updated libyaml packages for Slackware address a heap corruption vulnerability that could allow arbitrary code execution.
New libyaml packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

Summary

Here are the details from the Slackware 14.1 ChangeLog:

patches/packages/libyaml-0.1.6-i486-1_slack14.1.txz: Upgraded.
  This update fixes a heap overflow in URI escape parsing of YAML in Ruby, where a specially crafted string could cause a heap overflow leading to arbitrary code execution.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2014-2525
    https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
  (* Security fix *)

Where to Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libyaml-0.1.6-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libyaml-0.1.6-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libyaml-0.1.6-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libyaml-0.1.6-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libyaml-0.1.6-i486-1_slack14.0.txz
Updated package for ...


MD5 Signatures

Slackware 13.1 package: ee12af7c3173ac80afcdba11b9a253e2 libyaml-0.1.6-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: b2d1e2739d63096bf83c2b71c6423b90 libyaml-0.1.6-x86_64-1_slack13.1.txz
Slackware 13.37 package: 0a09d7c2b5b4768fd28943c928509ce9 libyaml-0.1.6-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 2dff3186a79762ed878eee01ac152896 libyaml-0.1.6-x86_64-1_slack13.37.txz
Slackware 14.0 package: 0a0e0fa373591b7f241fbf34dcc64f4e libyaml-0.1.6-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 55a0705841814c951ef8703603981ea9 libyaml-0.1.6-x86_64-1_slack14.0.txz
Slackware 14.1 package: a718d0a7faa8abac75488c80f42bfc9c libyaml-0.1.6-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 7b628961f34dcafbef95da4f54ab66ca libyaml-0.1.6-x86_64-1_slack14.1.txz
Slackware -current package: 2186402ef70c0ecbe50d804017696389 l/libyaml-0.1.6-i486-1.txz
Slackware x86_64 -current package: 5050ebe1ed835d695bb32a369e56fd41 l/libyaml-0.1.6-x86_64-1.txz

Severity: Critical


Installation Instructions

Upgrade the package as root:
# upgradepkg libyaml-0.1.6-i486-1_slack14.1.txz
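The advisory publishes MD5 sums and then has you run upgradepkg as root, so the checksum should gate the install. The following is an added example, not part of the Slackware advisory: it parses lines in the "MD5 Signatures" format shown above and rejects a package whose sum does not match. The file name advisory.txt, the example-1.0 package names and all function names are assumptions made for the illustration; an MD5 match only shows that the download agrees with the copy of the advisory you hold.

```shell
# Added example (not from the advisory). Real use, as root, with the advisory
# text saved as advisory.txt (assumed name):
#   verify_pkg advisory.txt PKG.txz && upgradepkg PKG.txz

# advisory_md5 ADVISORY PKGNAME: print the MD5 listed for PKGNAME.
# Expected line shape: "Slackware 14.1 package: <md5> <filename>"
advisory_md5() {
    awk -v pkg="$2" '
        { name = $NF; sub(/^.*\//, "", name) }   # -current lines use "l/<file>"
        NF >= 2 && name == pkg && length($(NF-1)) == 32 && $(NF-1) ~ /^[0-9a-f]+$/ {
            print $(NF-1); found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# verify_pkg ADVISORY PKGFILE: 0 = match, 1 = mismatch, 2 = not listed.
verify_pkg() {
    want=$(advisory_md5 "$1" "$(basename "$2")") || {
        echo "no checksum listed for $2" >&2; return 2; }
    have=$(md5sum < "$2" | cut -d' ' -f1)
    [ "$want" = "$have" ] || { echo "MD5 mismatch for $2" >&2; return 1; }
}

# rc CMD...: run CMD quietly and print its exit status.
rc() { "$@" 2>/dev/null && echo 0 || echo $?; }

# demo: constructed advisory lines and constructed (empty) package files.
# d41d8cd98f00b204e9800998ecf8427e is the MD5 of zero bytes of input.
demo() {
    d=$(mktemp -d) || return 9
    adv=$d/advisory.txt
    cat > "$adv" <<'EOF'
Slackware 14.1 package: d41d8cd98f00b204e9800998ecf8427e example-1.0-i486-1_slack14.1.txz
Slackware -current package: d41d8cd98f00b204e9800998ecf8427e l/example-1.0-i486-1.txz
EOF
    : > "$d/example-1.0-i486-1_slack14.1.txz"
    : > "$d/example-1.0-i486-1.txz"
    r1=$(rc verify_pkg "$adv" "$d/example-1.0-i486-1_slack14.1.txz")
    r2=$(rc verify_pkg "$adv" "$d/example-1.0-i486-1.txz")
    echo tampered >> "$d/example-1.0-i486-1.txz"   # simulate a corrupted download
    r3=$(rc verify_pkg "$adv" "$d/example-1.0-i486-1.txz")
    : > "$d/unlisted.txz"
    r4=$(rc verify_pkg "$adv" "$d/unlisted.txz")
    rm -rf "$d"
    echo "$r1 $r2 $r3 $r4"
}
```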
