[Bug 1276156] Re: CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML tags
Mathew Hodson
mathew.hodson at gmail.com
Sun Oct 22 05:33:00 UTC 2017
https://usn.ubuntu.com/usn/usn-2098-1/
** Changed in: libyaml (Ubuntu Precise)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libyaml in Ubuntu.
https://bugs.launchpad.net/bugs/1276156
Title:
CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML
tags
Status in libyaml package in Ubuntu:
Fix Released
Status in libyaml source package in Lucid:
Won't Fix
Status in libyaml source package in Precise:
Fix Released
Status in libyaml package in Debian:
Fix Released
Bug description:
https://bugzilla.redhat.com/show_bug.cgi?id=1033990
"A heap-based buffer overflow flaw was found in the way libyaml parsed
YAML tags. A remote attacker could provide a specially-crafted YAML
document that, when parsed by an application using libyaml, would
cause the application to crash or, potentially, execute arbitrary code
with the privileges of the user running the application."
Fixed in Debian package 0.1.4-2+deb7u2
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737076
That fix has been merged into Trusty already (0.1.4-3ubuntu1) but no
others.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libyaml/+bug/1276156/+subscriptions
More information about the foundations-bugs
mailing list