Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Ubuntu 14.10: 2461-3 Critical Vulnerability in PyYAML Denial of Service

Calendar Jan 12, 2015 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service critical software update ubuntu pyyaml
Applications using PyYAML could be made to crash if they received specially crafted input. 
=========================================================================Ubuntu Security Notice USN-2461-3
January 12, 2015

pyyaml vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Applications using PyYAML could be made to crash if they received
specially crafted input.

Software Description:
- pyyaml: YAML parser and emitter for Python

Details:

Stanisław Pitucha and Jonathan Gray discovered that PyYAML did not
properly handle wrapped strings. An attacker could create specially
crafted YAML data to trigger an assert, causing a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  python-yaml                     3.11-1ubuntu0.1
  python3-yaml                    3.11-1ubuntu0.1

Ubuntu 14.04 LTS:
  python-yaml                     3.10-4ubuntu0.1
  python3-yaml                    3.10-4ubuntu0.1

Ubuntu 12.04 LTS:
  python-yaml                     3.10-2ubuntu0.1
  python3-yaml                    3.10-2ubuntu0.1

After a standard system update you need to restart applications using
PyYAML to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2461-3
  CVE-2014-9130

Package Information:
  https://launchpad.net/ubuntu/+source/pyyaml/3.11-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/pyyaml/3.10-4ubuntu0.1
  https://launchpad.net/ubuntu/+source/pyyaml/3.10-2ubuntu0.1

Ubuntu 14.10: 2461-3 Critical Vulnerability in PyYAML Denial of Service

ubuntu
Calendar Grey January 12, 2015
Dist Ubuntu Esm H88
Ubuntu Security Alert USN-2461-3 explores a PyYAML flaw affecting users, delivering critical patches.
Applications using PyYAML could be made to crash if they received specially crafted input.

Summary

Topics%20covered

Topics Covered

security advisory denial of service critical software update ubuntu pyyaml

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: python-yaml 3.11-1ubuntu0.1 python3-yaml 3.11-1ubuntu0.1 Ubuntu 14.04 LTS: python-yaml 3.10-4ubuntu0.1 python3-yaml 3.10-4ubuntu0.1 Ubuntu 12.04 LTS: python-yaml 3.10-2ubuntu0.1 python3-yaml 3.10-2ubuntu0.1 After a standard system update you need to restart applications using PyYAML to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2461-3

CVE-2014-9130

Severity
critical
Lowest
Low
Medium
High
Critical

January 12, 2015

Topics%20covered

Topics Covered

security advisory denial of service critical software update ubuntu pyyaml

Package Information

https://launchpad.net/ubuntu/+source/pyyaml/3.11-1ubuntu0.1 https://launchpad.net/ubuntu/+source/pyyaml/3.10-4ubuntu0.1 https://launchpad.net/ubuntu/+source/pyyaml/3.10-2ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here