Debian LTS Advisory DLA-4525-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Andrej Shadura
April 09, 2026                                https://wiki.debian.org/LTS

Package        : libyaml-syck-perl
Version        : 1.34-1+deb11u1
CVE ID         : CVE-2025-11683 CVE-2026-4177

Brief introduction

CVE-2025-11683

    Missing null terminators in token.c lead to an out-of-bounds read, which allows an adjacent variable to be read. The issue is seen with complex YAML files with a hash of all keys and empty values.

CVE-2026-4177

    Several security vulnerabilities, including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor: the incoming anchor string 'a' was leaked on early return.

For Debian 11 bullseye, these problems have been fixed in version 1.34-1+deb11u1.

We recommend that you upgrade your libyaml-syck-perl packages.

For the detailed security status of libyaml-syck-perl please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libyaml-syck-perl

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Critical. LinuxSecurity.com Team
Rocky Linux Security Advisory RLSA-2026:6470

Synopsis          : Important: perl-YAML-Syck security update
Type              : Security
Severity          : Important
Published         : 2026-04-09
Affected products : Rocky Linux 8

Topic:

An update is available for perl-YAML-Syck. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Description:

This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around.

Security Fix(es):

* perl-YAML-Syck: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter (CVE-2026-4177)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Fixes:

- Red Hat Bugzilla 2448277: https://bugzilla.redhat.com/show_bug.cgi?id=2448277

CVEs:

- CVE-2026-4177 (MITRE): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4177
  CVSS v3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (base score 7.3), CWE-120

Updated packages (Rocky Linux 8):

- perl-YAML-Syck-0:1.30-6.el8_10.aarch64.rpm
- perl-YAML-Syck-0:1.30-6.el8_10.src.rpm
- perl-YAML-Syck-0:1.30-6.el8_10.x86_64.rpm
- perl-YAML-Syck-debuginfo-0:1.30-6.el8_10.aarch64.rpm
- perl-YAML-Syck-debuginfo-0:1.30-6.el8_10.x86_64.rpm
- perl-YAML-Syck-debugsource-0:1.30-6.el8_10.aarch64.rpm
- perl-YAML-Syck-debugsource-0:1.30-6.el8_10.x86_64.rpm

Reboot suggested: no

Severity: Important. LinuxSecurity.com Team
==========================================================================
Ubuntu Security Notice USN-6287-1
August 14, 2023

golang-yaml.v2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were patched in the Go yaml package.

Software Description:

- golang-yaml.v2: YAML support for the Go language

Details:

Simon Ferquel discovered that the Go yaml package incorrectly handled certain YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service. (CVE-2021-4235)

It was discovered that the Go yaml package incorrectly handled certain large YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service. (CVE-2022-3064)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  golang-gopkg-yaml.v2-dev    2.2.2-1ubuntu0.1
  golang-yaml.v2-dev          2.2.2-1ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  golang-gopkg-yaml.v2-dev    0.0+git20170407.0.cd8b52f-1ubuntu2+esm1
  golang-yaml.v2-dev          0.0+git20170407.0.cd8b52f-1ubuntu2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  golang-yaml.v2-dev          0.0+git20160301.0.a83829b-1ubuntu0.1~esm1

After a standard system update anything that depends on golang-yaml.v2 needs to be rebuilt to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6287-1
  CVE-2021-4235, CVE-2022-3064

Package Information:
  https://launchpad.net/ubuntu/+source/golang-yaml.v2/2.2.2-1ubuntu0.1

Severity: Critical. LinuxSecurity.com Team
Use of unsafe yaml load was fixed in ros-actionlib, the Robot OS actionlib library. For Debian 9 stretch, this problem has been fixed in version .

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2357-1