Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Ubuntu 12.04 LTS: USN-2098-1 Critical: LibYAML Denial Of Service

Calendar Feb 04, 2014 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service critical issue ubuntu libyaml
LibYAML could be made to crash or run programs if it opened specially crafted yaml document. 
=========================================================================Ubuntu Security Notice USN-2098-1
February 04, 2014

libyaml vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

LibYAML could be made to crash or run programs if it opened specially
crafted yaml document.

Software Description:
- libyaml: Fast YAML 1.1 parser and emitter library

Details:

Florian Weimer discovered that LibYAML incorrectly handled certain large
yaml documents. An attacker could use this issue to cause LibYAML to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
  libyaml-0-2                     0.1.4-2ubuntu0.13.10.1

Ubuntu 12.10:
  libyaml-0-2                     0.1.4-2ubuntu0.12.10.1

Ubuntu 12.04 LTS:
  libyaml-0-2                     0.1.4-2ubuntu0.12.04.1

After a standard system update you need to restart applications using
LibYAML to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2098-1
  CVE-2013-6393

Package Information:
  https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.13.10.1
  https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.12.10.1
  https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.12.04.1

Ubuntu 12.04 LTS: USN-2098-1 Critical: LibYAML Denial Of Service

ubuntu
Calendar Grey February 4, 2014
Dist Ubuntu Esm H88
LibYAML security flaw enables specially designed documents to lead to crashes or potential code execution. Ensure you update promptly for protection!
LibYAML could be made to crash or run programs if it opened specially crafted yaml document.

Summary

Topics%20covered

Topics Covered

security advisory denial of service critical issue ubuntu libyaml

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: libyaml-0-2 0.1.4-2ubuntu0.13.10.1 Ubuntu 12.10: libyaml-0-2 0.1.4-2ubuntu0.12.10.1 Ubuntu 12.04 LTS: libyaml-0-2 0.1.4-2ubuntu0.12.04.1 After a standard system update you need to restart applications using LibYAML to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2098-1

CVE-2013-6393

Severity
critical
Lowest
Low
Medium
High
Critical

February 04, 2014

Topics%20covered

Topics Covered

security advisory denial of service critical issue ubuntu libyaml

Package Information

https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.13.10.1 https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.12.10.1 https://launchpad.net/ubuntu/+source/libyaml/0.1.4-2ubuntu0.12.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here