-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:060
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : yaml
Date : March 13, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated yaml packages fix security vulnerabilities:
Florian Weimer of the Red Hat Product Security Team discovered a
heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser
and emitter library. A remote attacker could provide a YAML document
with a specially-crafted tag that, when parsed by an application
using libyaml, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application (CVE-2013-6393).
Ivan Fratric of the Google Security Team di