[ MDVSA-2015:060 ] yaml

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:060
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : yaml
 Date    : March 13, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated yaml packages fix security vulnerabilities:
 
 Florian Weimer of the Red Hat Product Security Team discovered a
 heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser
 and emitter library. A remote attacker could provide a YAML document
 with a specially-crafted tag that, when parsed by an application
 using libyaml, would cause the application to crash or, potentially,
 execute arbitrary code with the privileges of the user running the
 application (CVE-2013-6393).
 
 Ivan Fratric of the Google Security Team di

Leave a Reply