Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2013-6393
Vulnerability from cvelistv5
Published
2014-02-06 22:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
2.24%
(0.89523)
Summary
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T17:39:01.258Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "openSUSE-SU-2014:0273", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html", }, { name: "DSA-2870", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2014/dsa-2870", }, { name: "APPLE-SA-2014-10-16-3", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { name: "APPLE-SA-2014-04-22-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html", }, { name: "102716", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/102716", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff", }, { name: "MDVSA-2015:060", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060", }, { name: "65258", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/65258", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://advisories.mageia.org/MGASA-2014-0040.html", }, { name: "openSUSE-SU-2015:0319", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html", }, { name: "RHSA-2014:0355", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0355.html", }, { name: "openSUSE-SU-2014:0272", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html", }, { name: "RHSA-2014:0354", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0354.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT6536", }, { name: "openSUSE-SU-2016:1067", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html", }, { name: "DSA-2850", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2014/dsa-2850", }, { name: "RHSA-2014:0353", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0353.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://puppet.com/security/cve/cve-2013-6393", }, { name: "USN-2098-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2098-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-11-24T00:00:00", descriptions: [ { lang: "en", value: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-08T10:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "openSUSE-SU-2014:0273", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html", }, { name: "DSA-2870", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2014/dsa-2870", }, { name: "APPLE-SA-2014-10-16-3", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { name: "APPLE-SA-2014-04-22-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html", }, { name: "102716", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/102716", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff", }, { name: "MDVSA-2015:060", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060", }, { name: "65258", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/65258", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://advisories.mageia.org/MGASA-2014-0040.html", }, { name: "openSUSE-SU-2015:0319", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html", }, { name: "RHSA-2014:0355", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0355.html", }, { name: "openSUSE-SU-2014:0272", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html", }, { name: "RHSA-2014:0354", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0354.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT6536", }, { name: "openSUSE-SU-2016:1067", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html", }, { name: "DSA-2850", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2014/dsa-2850", }, { name: "RHSA-2014:0353", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0353.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://puppet.com/security/cve/cve-2013-6393", }, { name: "USN-2098-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2098-1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-6393", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "openSUSE-SU-2014:0273", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html", }, { name: "DSA-2870", refsource: "DEBIAN", url: "http://www.debian.org/security/2014/dsa-2870", }, { name: "APPLE-SA-2014-10-16-3", refsource: "APPLE", url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { name: "APPLE-SA-2014-04-22-1", refsource: "APPLE", url: "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html", }, { name: "102716", refsource: "OSVDB", url: "http://osvdb.org/102716", }, { name: "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff", refsource: "MISC", url: "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff", }, { name: "MDVSA-2015:060", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060", }, { name: "65258", refsource: "BID", url: "http://www.securityfocus.com/bid/65258", }, { name: "http://advisories.mageia.org/MGASA-2014-0040.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2014-0040.html", }, { name: "openSUSE-SU-2015:0319", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html", }, { name: "RHSA-2014:0355", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0355.html", }, { name: "openSUSE-SU-2014:0272", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html", }, { name: "RHSA-2014:0354", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0354.html", }, { name: "https://support.apple.com/kb/HT6536", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT6536", }, { name: "openSUSE-SU-2016:1067", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html", }, { name: "DSA-2850", refsource: "DEBIAN", url: "http://www.debian.org/security/2014/dsa-2850", }, { name: "RHSA-2014:0353", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0353.html", }, { name: "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5", refsource: "CONFIRM", url: "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5", }, { name: "https://puppet.com/security/cve/cve-2013-6393", refsource: "CONFIRM", url: "https://puppet.com/security/cve/cve-2013-6393", }, { name: "USN-2098-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2098-1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-6393", datePublished: "2014-02-06T22:00:00", dateReserved: "2013-11-04T00:00:00", dateUpdated: "2024-08-06T17:39:01.258Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2013-6393\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-02-06T22:55:03.217\",\"lastModified\":\"2024-11-21T01:59:08.313\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.\"},{\"lang\":\"es\",\"value\":\"La función yaml_parser_scan_tag_uri en scanner.c en LibYAML anterior a 0.1.5 lleva a cabo un \\\"cast\\\" incorrecto, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) y probablemente ejecutar código arbitrario a través de etiquetas manipuladas en YAML.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.1.4\",\"matchCriteriaId\":\"64CF0E49-704A-4190-9BA8-6332F1B12430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F454F77-1AB1-44CF-8E1F-47BD71966CB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F2A3FC6-ADD6-4890-A91E-7B42138CB1B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7892D90-243C-4588-92D0-F49B3443B3DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9759A8FD-7010-4D10-9E26-A03FDDDA187B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2076871-2E80-4605-A470-A41C1A8EC7EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F61F047-129C-41A6-8A27-FFCBB8563E91\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6533B15B-F748-4A5D-AB86-31D38DFAE60F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1802FDB8-C919-4D5E-A8AD-4C5B72525090\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036E8A89-7A16-411F-9D31-676313BB7244\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE554781-1EB9-446E-911F-6C11970C47F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10BC294-9196-425F-9FB0-B1625465B47F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}]}]}],\"references\":[{\"url\":\"http://advisories.mageia.org/MGASA-2014-0040.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/102716\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0353.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0354.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0355.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2014/dsa-2850\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2014/dsa-2870\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:060\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/65258\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2098-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/xi/libyaml/commits/tag/0.1.5\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1033990\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://puppet.com/security/cve/cve-2013-6393\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/kb/HT6536\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://advisories.mageia.org/MGASA-2014-0040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/102716\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0353.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0354.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0355.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2014/dsa-2850\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2014/dsa-2870\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/65258\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2098-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/xi/libyaml/commits/tag/0.1.5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1033990\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://puppet.com/security/cve/cve-2013-6393\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT6536\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}", }, }
RHSA-2014:0415
Vulnerability from csaf_redhat
Published
2014-04-17 12:01
Modified
2024-12-06 19:16
Summary
Red Hat Security Advisory: libyaml security update
Notes
Topic
Updated libyaml packages that fix two security issues are now available for
Red Hat Common for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
A buffer overflow flaw was found in the way the libyaml library parsed URLs
in YAML documents. An attacker able to load specially crafted YAML input to
an application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2014-2525)
An integer overflow flaw was found in the way the libyaml library handled
excessively long YAML tags. An attacker able to load specially crafted YAML
input to application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2013-6393)
Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.
oCERT acknowledges Ivan Fratric of the Google Security Team as the original
reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the
Red Hat Product Security Team.
Note: In their default configuration, applications distributed via the Red
Hat Common channel do not use the libyaml library for parsing YAML, and are
therefore not vulnerable to these issues.
All libyaml users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against the libyaml library must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated libyaml packages that fix two security issues are now available for\nRed Hat Common for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nA buffer overflow flaw was found in the way the libyaml library parsed URLs\nin YAML documents. An attacker able to load specially crafted YAML input to\nan application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2014-2525)\n\nAn integer overflow flaw was found in the way the libyaml library handled\nexcessively long YAML tags. An attacker able to load specially crafted YAML\ninput to application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2013-6393)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.\noCERT acknowledges Ivan Fratric of the Google Security Team as the original\nreporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the\nRed Hat Product Security Team.\n\nNote: In their default configuration, applications distributed via the Red\nHat Common channel do not use the libyaml library for parsing YAML, and are\ntherefore not vulnerable to these issues.\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications linked against the libyaml library must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0415", url: "https://access.redhat.com/errata/RHSA-2014:0415", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0415.json", }, ], title: "Red Hat Security Advisory: libyaml security update", tracking: { current_release_date: "2024-12-06T19:16:24+00:00", generator: { date: "2024-12-06T19:16:24+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2014:0415", initial_release_date: "2014-04-17T12:01:57+00:00", revision_history: [ { date: "2014-04-17T12:01:57+00:00", number: "1", summary: "Initial version", }, { date: "2014-04-17T12:01:57+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T19:16:24+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Common for RHEL Server (v. 6)", product: { name: "Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_common:6::el6", }, }, }, ], category: "product_family", name: "Red Hat Common", }, { branches: [ { category: "product_version", name: "libyaml-debuginfo-0:0.1.3-1.4.el6.i686", product: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.i686", product_id: "libyaml-debuginfo-0:0.1.3-1.4.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-debuginfo@0.1.3-1.4.el6?arch=i686", }, }, }, { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.i686", product: { name: "libyaml-0:0.1.3-1.4.el6.i686", product_id: "libyaml-0:0.1.3-1.4.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=i686", }, }, }, { category: "product_version", name: "libyaml-devel-0:0.1.3-1.4.el6.i686", product: { name: "libyaml-devel-0:0.1.3-1.4.el6.i686", product_id: "libyaml-devel-0:0.1.3-1.4.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-devel@0.1.3-1.4.el6?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-debuginfo@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-devel@0.1.3-1.4.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.src", product: { name: "libyaml-0:0.1.3-1.4.el6.src", product_id: "libyaml-0:0.1.3-1.4.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.i686 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", }, product_reference: "libyaml-0:0.1.3-1.4.el6.i686", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.src as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", }, product_reference: "libyaml-0:0.1.3-1.4.el6.src", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.i686 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", }, product_reference: "libyaml-debuginfo-0:0.1.3-1.4.el6.i686", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-devel-0:0.1.3-1.4.el6.i686 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", }, product_reference: "libyaml-devel-0:0.1.3-1.4.el6.i686", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RH-Common", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-6393", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2013-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1033990", }, ], notes: [ { category: "description", text: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing YAML tags", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\n\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \n\nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6393", }, { category: "external", summary: "RHBZ#1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6393", url: "https://www.cve.org/CVERecord?id=CVE-2013-6393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, ], release_date: "2014-01-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-17T12:01:57+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0415", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libyaml: heap-based buffer overflow when parsing YAML tags", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2014-2525", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2014-03-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1078083", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing URLs", title: "Vulnerability summary", }, { category: "other", text: "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-2525", }, { category: "external", summary: "RHBZ#1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-2525", url: "https://www.cve.org/CVERecord?id=CVE-2014-2525", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", }, ], release_date: "2014-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-17T12:01:57+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0415", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libyaml: heap-based buffer overflow when parsing URLs", }, ], }
rhsa-2014:0364
Vulnerability from csaf_redhat
Published
2014-04-03 20:18
Modified
2024-12-06 19:16
Summary
Red Hat Security Advisory: ruby193-libyaml security update
Notes
Topic
Updated ruby193-libyaml packages that fix two security issues are now
available for Red Hat Enterprise Linux OpenStack Platform 3.0.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
A buffer overflow flaw was found in the way the libyaml library parsed URLs
in YAML documents. An attacker able to load specially crafted YAML input to
an application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2014-2525)
An integer overflow flaw was found in the way the libyaml library handled
excessively long YAML tags. An attacker able to load specially crafted YAML
input to application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2013-6393)
Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.
oCERT acknowledges Ivan Fratric of the Google Security Team as the original
reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the
Red Hat Product Security Team.
All ruby193-libyaml users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against the libyaml library must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated ruby193-libyaml packages that fix two security issues are now\navailable for Red Hat Enterprise Linux OpenStack Platform 3.0.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nA buffer overflow flaw was found in the way the libyaml library parsed URLs\nin YAML documents. An attacker able to load specially crafted YAML input to\nan application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2014-2525)\n\nAn integer overflow flaw was found in the way the libyaml library handled\nexcessively long YAML tags. An attacker able to load specially crafted YAML\ninput to application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2013-6393)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.\noCERT acknowledges Ivan Fratric of the Google Security Team as the original\nreporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the\nRed Hat Product Security Team.\n\nAll ruby193-libyaml users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\napplications linked against the libyaml library must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0364", url: "https://access.redhat.com/errata/RHSA-2014:0364", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0364.json", }, ], title: "Red Hat Security Advisory: ruby193-libyaml security update", tracking: { current_release_date: "2024-12-06T19:16:19+00:00", generator: { date: "2024-12-06T19:16:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2014:0364", initial_release_date: "2014-04-03T20:18:42+00:00", revision_history: [ { date: "2014-04-03T20:18:42+00:00", number: "1", summary: "Initial version", }, { date: "2014-04-03T20:18:42+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T19:16:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux OpenStack Platform 3.0", product: { name: "Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly", product_identification_helper: { cpe: "cpe:/a:redhat:openstack:3::el6", }, }, }, ], category: "product_family", name: "Red Hat OpenStack Platform", }, { branches: [ { category: "product_version", name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml-devel@0.1.4-5.1.el6?arch=x86_64", }, }, }, { category: "product_version", name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml@0.1.4-5.1.el6?arch=x86_64", }, }, }, { category: "product_version", name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml-debuginfo@0.1.4-5.1.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product_id: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml@0.1.4-5.1.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.src as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.src", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-6393", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2013-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1033990", }, ], notes: [ { category: "description", text: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing YAML tags", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\n\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \n\nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6393", }, { category: "external", summary: "RHBZ#1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6393", url: "https://www.cve.org/CVERecord?id=CVE-2013-6393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, ], release_date: "2014-01-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-03T20:18:42+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0364", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libyaml: heap-based buffer overflow when parsing YAML tags", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2014-2525", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2014-03-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1078083", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing URLs", title: "Vulnerability summary", }, { category: "other", text: "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-2525", }, { category: "external", summary: "RHBZ#1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-2525", url: "https://www.cve.org/CVERecord?id=CVE-2014-2525", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", }, ], release_date: "2014-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-03T20:18:42+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0364", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libyaml: heap-based buffer overflow when parsing URLs", }, ], }
rhsa-2014:0354
Vulnerability from csaf_redhat
Published
2014-04-02 19:50
Modified
2024-12-06 19:16
Summary
Red Hat Security Advisory: libyaml security update
Notes
Topic
Updated libyaml packages that fix two security issues are now available for
Red Hat Enterprise Linux OpenStack Platform 4.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
A buffer overflow flaw was found in the way the libyaml library parsed URLs
in YAML documents. An attacker able to load specially crafted YAML input to
an application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2014-2525)
An integer overflow flaw was found in the way the libyaml library handled
excessively long YAML tags. An attacker able to load specially crafted YAML
input to application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2013-6393)
Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.
oCERT acknowledges Ivan Fratric of the Google Security Team as the original
reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the
Red Hat Product Security Team.
All libyaml users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against the libyaml library must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated libyaml packages that fix two security issues are now available for\nRed Hat Enterprise Linux OpenStack Platform 4.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nA buffer overflow flaw was found in the way the libyaml library parsed URLs\nin YAML documents. An attacker able to load specially crafted YAML input to\nan application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2014-2525)\n\nAn integer overflow flaw was found in the way the libyaml library handled\nexcessively long YAML tags. An attacker able to load specially crafted YAML\ninput to application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2013-6393)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.\noCERT acknowledges Ivan Fratric of the Google Security Team as the original\nreporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the\nRed Hat Product Security Team.\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications linked against the libyaml library must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0354", url: "https://access.redhat.com/errata/RHSA-2014:0354", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0354.json", }, ], title: "Red Hat Security Advisory: libyaml security update", tracking: { current_release_date: "2024-12-06T19:16:08+00:00", generator: { date: "2024-12-06T19:16:08+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2014:0354", initial_release_date: "2014-04-02T19:50:48+00:00", revision_history: [ { date: "2014-04-02T19:50:48+00:00", number: "1", summary: "Initial version", }, { date: "2014-04-02T19:50:48+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T19:16:08+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux OpenStack Platform 4.0", product: { name: "Red Hat Enterprise Linux OpenStack Platform 4.0", product_id: "6Server-RHOS-4.0", product_identification_helper: { cpe: "cpe:/a:redhat:openstack:4::el6", }, }, }, ], category: "product_family", name: "Red Hat OpenStack Platform", }, { branches: [ { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.src", product: { name: "libyaml-0:0.1.3-1.4.el6.src", product_id: "libyaml-0:0.1.3-1.4.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-devel@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-debuginfo@0.1.3-1.4.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.src as a component of Red Hat Enterprise Linux OpenStack Platform 4.0", product_id: "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", }, product_reference: "libyaml-0:0.1.3-1.4.el6.src", relates_to_product_reference: "6Server-RHOS-4.0", }, { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 4.0", product_id: "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RHOS-4.0", }, { category: "default_component_of", full_product_name: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 4.0", product_id: "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RHOS-4.0", }, { category: "default_component_of", full_product_name: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 4.0", product_id: "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RHOS-4.0", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-6393", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2013-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1033990", }, ], notes: [ { category: "description", text: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing YAML tags", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\n\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \n\nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6393", }, { category: "external", summary: "RHBZ#1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6393", url: "https://www.cve.org/CVERecord?id=CVE-2013-6393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, ], release_date: "2014-01-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:48+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0354", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libyaml: heap-based buffer overflow when parsing YAML tags", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2014-2525", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2014-03-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1078083", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing URLs", title: "Vulnerability summary", }, { category: "other", text: "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-2525", }, { category: "external", summary: "RHBZ#1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-2525", url: "https://www.cve.org/CVERecord?id=CVE-2014-2525", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", }, ], release_date: "2014-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:48+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0354", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libyaml: heap-based buffer overflow when parsing URLs", }, ], }
rhsa-2014_0364
Vulnerability from csaf_redhat
Published
2014-04-03 20:18
Modified
2024-12-06 19:16
Summary
Red Hat Security Advisory: ruby193-libyaml security update
Notes
Topic
Updated ruby193-libyaml packages that fix two security issues are now
available for Red Hat Enterprise Linux OpenStack Platform 3.0.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
A buffer overflow flaw was found in the way the libyaml library parsed URLs
in YAML documents. An attacker able to load specially crafted YAML input to
an application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2014-2525)
An integer overflow flaw was found in the way the libyaml library handled
excessively long YAML tags. An attacker able to load specially crafted YAML
input to application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2013-6393)
Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.
oCERT acknowledges Ivan Fratric of the Google Security Team as the original
reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the
Red Hat Product Security Team.
All ruby193-libyaml users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against the libyaml library must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated ruby193-libyaml packages that fix two security issues are now\navailable for Red Hat Enterprise Linux OpenStack Platform 3.0.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nA buffer overflow flaw was found in the way the libyaml library parsed URLs\nin YAML documents. An attacker able to load specially crafted YAML input to\nan application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2014-2525)\n\nAn integer overflow flaw was found in the way the libyaml library handled\nexcessively long YAML tags. An attacker able to load specially crafted YAML\ninput to application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2013-6393)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.\noCERT acknowledges Ivan Fratric of the Google Security Team as the original\nreporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the\nRed Hat Product Security Team.\n\nAll ruby193-libyaml users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\napplications linked against the libyaml library must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0364", url: "https://access.redhat.com/errata/RHSA-2014:0364", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0364.json", }, ], title: "Red Hat Security Advisory: ruby193-libyaml security update", tracking: { current_release_date: "2024-12-06T19:16:19+00:00", generator: { date: "2024-12-06T19:16:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2014:0364", initial_release_date: "2014-04-03T20:18:42+00:00", revision_history: [ { date: "2014-04-03T20:18:42+00:00", number: "1", summary: "Initial version", }, { date: "2014-04-03T20:18:42+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T19:16:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux OpenStack Platform 3.0", product: { name: "Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly", product_identification_helper: { cpe: "cpe:/a:redhat:openstack:3::el6", }, }, }, ], category: "product_family", name: "Red Hat OpenStack Platform", }, { branches: [ { category: "product_version", name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml-devel@0.1.4-5.1.el6?arch=x86_64", }, }, }, { category: "product_version", name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml@0.1.4-5.1.el6?arch=x86_64", }, }, }, { category: "product_version", name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml-debuginfo@0.1.4-5.1.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product_id: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml@0.1.4-5.1.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.src as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.src", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-6393", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2013-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1033990", }, ], notes: [ { category: "description", text: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing YAML tags", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\n\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \n\nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6393", }, { category: "external", summary: "RHBZ#1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6393", url: "https://www.cve.org/CVERecord?id=CVE-2013-6393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, ], release_date: "2014-01-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-03T20:18:42+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0364", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libyaml: heap-based buffer overflow when parsing YAML tags", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2014-2525", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2014-03-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1078083", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing URLs", title: "Vulnerability summary", }, { category: "other", text: "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-2525", }, { category: "external", summary: "RHBZ#1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-2525", url: "https://www.cve.org/CVERecord?id=CVE-2014-2525", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", }, ], release_date: "2014-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-03T20:18:42+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0364", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libyaml: heap-based buffer overflow when parsing URLs", }, ], }
rhsa-2014:0415
Vulnerability from csaf_redhat
Published
2014-04-17 12:01
Modified
2024-12-06 19:16
Summary
Red Hat Security Advisory: libyaml security update
Notes
Topic
Updated libyaml packages that fix two security issues are now available for
Red Hat Common for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
A buffer overflow flaw was found in the way the libyaml library parsed URLs
in YAML documents. An attacker able to load specially crafted YAML input to
an application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2014-2525)
An integer overflow flaw was found in the way the libyaml library handled
excessively long YAML tags. An attacker able to load specially crafted YAML
input to application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2013-6393)
Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.
oCERT acknowledges Ivan Fratric of the Google Security Team as the original
reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the
Red Hat Product Security Team.
Note: In their default configuration, applications distributed via the Red
Hat Common channel do not use the libyaml library for parsing YAML, and are
therefore not vulnerable to these issues.
All libyaml users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against the libyaml library must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated libyaml packages that fix two security issues are now available for\nRed Hat Common for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nA buffer overflow flaw was found in the way the libyaml library parsed URLs\nin YAML documents. An attacker able to load specially crafted YAML input to\nan application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2014-2525)\n\nAn integer overflow flaw was found in the way the libyaml library handled\nexcessively long YAML tags. An attacker able to load specially crafted YAML\ninput to application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2013-6393)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.\noCERT acknowledges Ivan Fratric of the Google Security Team as the original\nreporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the\nRed Hat Product Security Team.\n\nNote: In their default configuration, applications distributed via the Red\nHat Common channel do not use the libyaml library for parsing YAML, and are\ntherefore not vulnerable to these issues.\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications linked against the libyaml library must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0415", url: "https://access.redhat.com/errata/RHSA-2014:0415", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0415.json", }, ], title: "Red Hat Security Advisory: libyaml security update", tracking: { current_release_date: "2024-12-06T19:16:24+00:00", generator: { date: "2024-12-06T19:16:24+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2014:0415", initial_release_date: "2014-04-17T12:01:57+00:00", revision_history: [ { date: "2014-04-17T12:01:57+00:00", number: "1", summary: "Initial version", }, { date: "2014-04-17T12:01:57+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T19:16:24+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Common for RHEL Server (v. 6)", product: { name: "Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_common:6::el6", }, }, }, ], category: "product_family", name: "Red Hat Common", }, { branches: [ { category: "product_version", name: "libyaml-debuginfo-0:0.1.3-1.4.el6.i686", product: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.i686", product_id: "libyaml-debuginfo-0:0.1.3-1.4.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-debuginfo@0.1.3-1.4.el6?arch=i686", }, }, }, { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.i686", product: { name: "libyaml-0:0.1.3-1.4.el6.i686", product_id: "libyaml-0:0.1.3-1.4.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=i686", }, }, }, { category: "product_version", name: "libyaml-devel-0:0.1.3-1.4.el6.i686", product: { name: "libyaml-devel-0:0.1.3-1.4.el6.i686", product_id: "libyaml-devel-0:0.1.3-1.4.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-devel@0.1.3-1.4.el6?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-debuginfo@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-devel@0.1.3-1.4.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.src", product: { name: "libyaml-0:0.1.3-1.4.el6.src", product_id: "libyaml-0:0.1.3-1.4.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.i686 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", }, product_reference: "libyaml-0:0.1.3-1.4.el6.i686", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.src as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", }, product_reference: "libyaml-0:0.1.3-1.4.el6.src", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.i686 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", }, product_reference: "libyaml-debuginfo-0:0.1.3-1.4.el6.i686", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-devel-0:0.1.3-1.4.el6.i686 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", }, product_reference: "libyaml-devel-0:0.1.3-1.4.el6.i686", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RH-Common", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-6393", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2013-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1033990", }, ], notes: [ { category: "description", text: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing YAML tags", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\n\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \n\nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6393", }, { category: "external", summary: "RHBZ#1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6393", url: "https://www.cve.org/CVERecord?id=CVE-2013-6393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, ], release_date: "2014-01-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-17T12:01:57+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0415", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libyaml: heap-based buffer overflow when parsing YAML tags", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2014-2525", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2014-03-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1078083", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing URLs", title: "Vulnerability summary", }, { category: "other", text: "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-2525", }, { category: "external", summary: "RHBZ#1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-2525", url: "https://www.cve.org/CVERecord?id=CVE-2014-2525", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", }, ], release_date: "2014-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-17T12:01:57+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0415", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libyaml: heap-based buffer overflow when parsing URLs", }, ], }
RHSA-2014:0355
Vulnerability from csaf_redhat
Published
2014-04-02 19:50
Modified
2024-12-06 19:16
Summary
Red Hat Security Advisory: ruby193-libyaml security update
Notes
Topic
Updated ruby193-libyaml packages that fix two security issues are now
available for Red Hat Software Collections 1.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
A buffer overflow flaw was found in the way the libyaml library parsed URLs
in YAML documents. An attacker able to load specially crafted YAML input to
an application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2014-2525)
An integer overflow flaw was found in the way the libyaml library handled
excessively long YAML tags. An attacker able to load specially crafted YAML
input to application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2013-6393)
Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.
oCERT acknowledges Ivan Fratric of the Google Security Team as the original
reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the
Red Hat Product Security Team.
All ruby193-libyaml users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against the libyaml library must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated ruby193-libyaml packages that fix two security issues are now\navailable for Red Hat Software Collections 1.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nA buffer overflow flaw was found in the way the libyaml library parsed URLs\nin YAML documents. An attacker able to load specially crafted YAML input to\nan application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2014-2525)\n\nAn integer overflow flaw was found in the way the libyaml library handled\nexcessively long YAML tags. An attacker able to load specially crafted YAML\ninput to application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2013-6393)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.\noCERT acknowledges Ivan Fratric of the Google Security Team as the original\nreporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the\nRed Hat Product Security Team.\n\nAll ruby193-libyaml users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\napplications linked against the libyaml library must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0355", url: "https://access.redhat.com/errata/RHSA-2014:0355", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0355.json", }, ], title: "Red Hat Security Advisory: ruby193-libyaml security update", tracking: { current_release_date: "2024-12-06T19:16:00+00:00", generator: { date: "2024-12-06T19:16:00+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2014:0355", initial_release_date: "2014-04-02T19:50:41+00:00", revision_history: [ { date: "2014-04-02T19:50:41+00:00", number: "1", summary: "Initial version", }, { date: "2014-04-02T19:50:41+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T19:16:00+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product: { name: "Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-1.0", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:1::el6", }, }, }, { category: "product_name", name: "Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product: { name: "Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-1.0", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:1::el6", }, }, }, ], category: "product_family", name: "Red Hat Software Collections", }, { branches: [ { category: "product_version", name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml-devel@0.1.4-5.1.el6?arch=x86_64", }, }, }, { category: "product_version", name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml@0.1.4-5.1.el6?arch=x86_64", }, }, }, { category: "product_version", name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml-debuginfo@0.1.4-5.1.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product_id: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml@0.1.4-5.1.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.src as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.src", relates_to_product_reference: "6Server-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.src as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.src", relates_to_product_reference: "6Workstation-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-1.0", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-6393", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2013-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1033990", }, ], notes: [ { category: "description", text: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing YAML tags", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\n\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \n\nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6393", }, { category: "external", summary: "RHBZ#1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6393", url: "https://www.cve.org/CVERecord?id=CVE-2013-6393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, ], release_date: "2014-01-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:41+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0355", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libyaml: heap-based buffer overflow when parsing YAML tags", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2014-2525", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2014-03-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1078083", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing URLs", title: "Vulnerability summary", }, { category: "other", text: "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-2525", }, { category: "external", summary: "RHBZ#1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-2525", url: "https://www.cve.org/CVERecord?id=CVE-2014-2525", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", }, ], release_date: "2014-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:41+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0355", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libyaml: heap-based buffer overflow when parsing URLs", }, ], }
RHSA-2014:0364
Vulnerability from csaf_redhat
Published
2014-04-03 20:18
Modified
2024-12-06 19:16
Summary
Red Hat Security Advisory: ruby193-libyaml security update
Notes
Topic
Updated ruby193-libyaml packages that fix two security issues are now
available for Red Hat Enterprise Linux OpenStack Platform 3.0.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
A buffer overflow flaw was found in the way the libyaml library parsed URLs
in YAML documents. An attacker able to load specially crafted YAML input to
an application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2014-2525)
An integer overflow flaw was found in the way the libyaml library handled
excessively long YAML tags. An attacker able to load specially crafted YAML
input to application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2013-6393)
Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.
oCERT acknowledges Ivan Fratric of the Google Security Team as the original
reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the
Red Hat Product Security Team.
All ruby193-libyaml users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against the libyaml library must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated ruby193-libyaml packages that fix two security issues are now\navailable for Red Hat Enterprise Linux OpenStack Platform 3.0.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nA buffer overflow flaw was found in the way the libyaml library parsed URLs\nin YAML documents. An attacker able to load specially crafted YAML input to\nan application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2014-2525)\n\nAn integer overflow flaw was found in the way the libyaml library handled\nexcessively long YAML tags. An attacker able to load specially crafted YAML\ninput to application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2013-6393)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.\noCERT acknowledges Ivan Fratric of the Google Security Team as the original\nreporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the\nRed Hat Product Security Team.\n\nAll ruby193-libyaml users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\napplications linked against the libyaml library must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0364", url: "https://access.redhat.com/errata/RHSA-2014:0364", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0364.json", }, ], title: "Red Hat Security Advisory: ruby193-libyaml security update", tracking: { current_release_date: "2024-12-06T19:16:19+00:00", generator: { date: "2024-12-06T19:16:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2014:0364", initial_release_date: "2014-04-03T20:18:42+00:00", revision_history: [ { date: "2014-04-03T20:18:42+00:00", number: "1", summary: "Initial version", }, { date: "2014-04-03T20:18:42+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T19:16:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux OpenStack Platform 3.0", product: { name: "Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly", product_identification_helper: { cpe: "cpe:/a:redhat:openstack:3::el6", }, }, }, ], category: "product_family", name: "Red Hat OpenStack Platform", }, { branches: [ { category: "product_version", name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml-devel@0.1.4-5.1.el6?arch=x86_64", }, }, }, { category: "product_version", name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml@0.1.4-5.1.el6?arch=x86_64", }, }, }, { category: "product_version", name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml-debuginfo@0.1.4-5.1.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product_id: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml@0.1.4-5.1.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.src as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.src", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-6393", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2013-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1033990", }, ], notes: [ { category: "description", text: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing YAML tags", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\n\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \n\nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6393", }, { category: "external", summary: "RHBZ#1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6393", url: "https://www.cve.org/CVERecord?id=CVE-2013-6393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, ], release_date: "2014-01-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-03T20:18:42+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0364", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libyaml: heap-based buffer overflow when parsing YAML tags", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2014-2525", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2014-03-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1078083", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing URLs", title: "Vulnerability summary", }, { category: "other", text: "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-2525", }, { category: "external", summary: "RHBZ#1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-2525", url: "https://www.cve.org/CVERecord?id=CVE-2014-2525", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", }, ], release_date: "2014-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-03T20:18:42+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0364", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-Grizzly:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-Grizzly:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libyaml: heap-based buffer overflow when parsing URLs", }, ], }
rhsa-2014_0415
Vulnerability from csaf_redhat
Published
2014-04-17 12:01
Modified
2024-12-06 19:16
Summary
Red Hat Security Advisory: libyaml security update
Notes
Topic
Updated libyaml packages that fix two security issues are now available for
Red Hat Common for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
A buffer overflow flaw was found in the way the libyaml library parsed URLs
in YAML documents. An attacker able to load specially crafted YAML input to
an application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2014-2525)
An integer overflow flaw was found in the way the libyaml library handled
excessively long YAML tags. An attacker able to load specially crafted YAML
input to application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2013-6393)
Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.
oCERT acknowledges Ivan Fratric of the Google Security Team as the original
reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the
Red Hat Product Security Team.
Note: In their default configuration, applications distributed via the Red
Hat Common channel do not use the libyaml library for parsing YAML, and are
therefore not vulnerable to these issues.
All libyaml users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against the libyaml library must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated libyaml packages that fix two security issues are now available for\nRed Hat Common for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nA buffer overflow flaw was found in the way the libyaml library parsed URLs\nin YAML documents. An attacker able to load specially crafted YAML input to\nan application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2014-2525)\n\nAn integer overflow flaw was found in the way the libyaml library handled\nexcessively long YAML tags. An attacker able to load specially crafted YAML\ninput to application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2013-6393)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.\noCERT acknowledges Ivan Fratric of the Google Security Team as the original\nreporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the\nRed Hat Product Security Team.\n\nNote: In their default configuration, applications distributed via the Red\nHat Common channel do not use the libyaml library for parsing YAML, and are\ntherefore not vulnerable to these issues.\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications linked against the libyaml library must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0415", url: "https://access.redhat.com/errata/RHSA-2014:0415", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0415.json", }, ], title: "Red Hat Security Advisory: libyaml security update", tracking: { current_release_date: "2024-12-06T19:16:24+00:00", generator: { date: "2024-12-06T19:16:24+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2014:0415", initial_release_date: "2014-04-17T12:01:57+00:00", revision_history: [ { date: "2014-04-17T12:01:57+00:00", number: "1", summary: "Initial version", }, { date: "2014-04-17T12:01:57+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T19:16:24+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Common for RHEL Server (v. 6)", product: { name: "Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_common:6::el6", }, }, }, ], category: "product_family", name: "Red Hat Common", }, { branches: [ { category: "product_version", name: "libyaml-debuginfo-0:0.1.3-1.4.el6.i686", product: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.i686", product_id: "libyaml-debuginfo-0:0.1.3-1.4.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-debuginfo@0.1.3-1.4.el6?arch=i686", }, }, }, { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.i686", product: { name: "libyaml-0:0.1.3-1.4.el6.i686", product_id: "libyaml-0:0.1.3-1.4.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=i686", }, }, }, { category: "product_version", name: "libyaml-devel-0:0.1.3-1.4.el6.i686", product: { name: "libyaml-devel-0:0.1.3-1.4.el6.i686", product_id: "libyaml-devel-0:0.1.3-1.4.el6.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-devel@0.1.3-1.4.el6?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-debuginfo@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-devel@0.1.3-1.4.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.src", product: { name: "libyaml-0:0.1.3-1.4.el6.src", product_id: "libyaml-0:0.1.3-1.4.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.i686 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", }, product_reference: "libyaml-0:0.1.3-1.4.el6.i686", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.src as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", }, product_reference: "libyaml-0:0.1.3-1.4.el6.src", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.i686 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", }, product_reference: "libyaml-debuginfo-0:0.1.3-1.4.el6.i686", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-devel-0:0.1.3-1.4.el6.i686 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", }, product_reference: "libyaml-devel-0:0.1.3-1.4.el6.i686", relates_to_product_reference: "6Server-RH-Common", }, { category: "default_component_of", full_product_name: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Common for RHEL Server (v. 6)", product_id: "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RH-Common", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-6393", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2013-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1033990", }, ], notes: [ { category: "description", text: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing YAML tags", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\n\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \n\nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6393", }, { category: "external", summary: "RHBZ#1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6393", url: "https://www.cve.org/CVERecord?id=CVE-2013-6393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, ], release_date: "2014-01-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-17T12:01:57+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0415", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libyaml: heap-based buffer overflow when parsing YAML tags", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2014-2525", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2014-03-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1078083", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing URLs", title: "Vulnerability summary", }, { category: "other", text: "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-2525", }, { category: "external", summary: "RHBZ#1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-2525", url: "https://www.cve.org/CVERecord?id=CVE-2014-2525", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", }, ], release_date: "2014-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-17T12:01:57+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0415", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.src", "6Server-RH-Common:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.i686", "6Server-RH-Common:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libyaml: heap-based buffer overflow when parsing URLs", }, ], }
RHSA-2014:0353
Vulnerability from csaf_redhat
Published
2014-04-02 19:50
Modified
2024-12-06 19:16
Summary
Red Hat Security Advisory: libyaml security update
Notes
Topic
Updated libyaml packages that fix two security issues are now available for
Red Hat Enterprise Linux OpenStack Platform 3.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
A buffer overflow flaw was found in the way the libyaml library parsed URLs
in YAML documents. An attacker able to load specially crafted YAML input to
an application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2014-2525)
An integer overflow flaw was found in the way the libyaml library handled
excessively long YAML tags. An attacker able to load specially crafted YAML
input to application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2013-6393)
Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.
oCERT acknowledges Ivan Fratric of the Google Security Team as the original
reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the
Red Hat Product Security Team.
All libyaml users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against the libyaml library must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated libyaml packages that fix two security issues are now available for\nRed Hat Enterprise Linux OpenStack Platform 3.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nA buffer overflow flaw was found in the way the libyaml library parsed URLs\nin YAML documents. An attacker able to load specially crafted YAML input to\nan application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2014-2525)\n\nAn integer overflow flaw was found in the way the libyaml library handled\nexcessively long YAML tags. An attacker able to load specially crafted YAML\ninput to application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2013-6393)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.\noCERT acknowledges Ivan Fratric of the Google Security Team as the original\nreporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the\nRed Hat Product Security Team.\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications linked against the libyaml library must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0353", url: "https://access.redhat.com/errata/RHSA-2014:0353", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0353.json", }, ], title: "Red Hat Security Advisory: libyaml security update", tracking: { current_release_date: "2024-12-06T19:16:14+00:00", generator: { date: "2024-12-06T19:16:14+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2014:0353", initial_release_date: "2014-04-02T19:50:54+00:00", revision_history: [ { date: "2014-04-02T19:50:54+00:00", number: "1", summary: "Initial version", }, { date: "2014-04-02T19:50:54+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T19:16:14+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux OpenStack Platform 3.0", product: { name: "Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly", product_identification_helper: { cpe: "cpe:/a:redhat:openstack:3::el6", }, }, }, ], category: "product_family", name: "Red Hat OpenStack Platform", }, { branches: [ { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.src", product: { name: "libyaml-0:0.1.3-1.4.el6.src", product_id: "libyaml-0:0.1.3-1.4.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-devel@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-debuginfo@0.1.3-1.4.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.src as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", }, product_reference: "libyaml-0:0.1.3-1.4.el6.src", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-6393", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2013-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1033990", }, ], notes: [ { category: "description", text: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing YAML tags", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\n\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \n\nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6393", }, { category: "external", summary: "RHBZ#1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6393", url: "https://www.cve.org/CVERecord?id=CVE-2013-6393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, ], release_date: "2014-01-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:54+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0353", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libyaml: heap-based buffer overflow when parsing YAML tags", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2014-2525", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2014-03-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1078083", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing URLs", title: "Vulnerability summary", }, { category: "other", text: "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-2525", }, { category: "external", summary: "RHBZ#1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-2525", url: "https://www.cve.org/CVERecord?id=CVE-2014-2525", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", }, ], release_date: "2014-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:54+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0353", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libyaml: heap-based buffer overflow when parsing URLs", }, ], }
rhsa-2014_0354
Vulnerability from csaf_redhat
Published
2014-04-02 19:50
Modified
2024-12-06 19:16
Summary
Red Hat Security Advisory: libyaml security update
Notes
Topic
Updated libyaml packages that fix two security issues are now available for
Red Hat Enterprise Linux OpenStack Platform 4.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
A buffer overflow flaw was found in the way the libyaml library parsed URLs
in YAML documents. An attacker able to load specially crafted YAML input to
an application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2014-2525)
An integer overflow flaw was found in the way the libyaml library handled
excessively long YAML tags. An attacker able to load specially crafted YAML
input to application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2013-6393)
Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.
oCERT acknowledges Ivan Fratric of the Google Security Team as the original
reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the
Red Hat Product Security Team.
All libyaml users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against the libyaml library must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated libyaml packages that fix two security issues are now available for\nRed Hat Enterprise Linux OpenStack Platform 4.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nA buffer overflow flaw was found in the way the libyaml library parsed URLs\nin YAML documents. An attacker able to load specially crafted YAML input to\nan application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2014-2525)\n\nAn integer overflow flaw was found in the way the libyaml library handled\nexcessively long YAML tags. An attacker able to load specially crafted YAML\ninput to application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2013-6393)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.\noCERT acknowledges Ivan Fratric of the Google Security Team as the original\nreporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the\nRed Hat Product Security Team.\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications linked against the libyaml library must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0354", url: "https://access.redhat.com/errata/RHSA-2014:0354", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0354.json", }, ], title: "Red Hat Security Advisory: libyaml security update", tracking: { current_release_date: "2024-12-06T19:16:08+00:00", generator: { date: "2024-12-06T19:16:08+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2014:0354", initial_release_date: "2014-04-02T19:50:48+00:00", revision_history: [ { date: "2014-04-02T19:50:48+00:00", number: "1", summary: "Initial version", }, { date: "2014-04-02T19:50:48+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T19:16:08+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux OpenStack Platform 4.0", product: { name: "Red Hat Enterprise Linux OpenStack Platform 4.0", product_id: "6Server-RHOS-4.0", product_identification_helper: { cpe: "cpe:/a:redhat:openstack:4::el6", }, }, }, ], category: "product_family", name: "Red Hat OpenStack Platform", }, { branches: [ { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.src", product: { name: "libyaml-0:0.1.3-1.4.el6.src", product_id: "libyaml-0:0.1.3-1.4.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-devel@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-debuginfo@0.1.3-1.4.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.src as a component of Red Hat Enterprise Linux OpenStack Platform 4.0", product_id: "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", }, product_reference: "libyaml-0:0.1.3-1.4.el6.src", relates_to_product_reference: "6Server-RHOS-4.0", }, { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 4.0", product_id: "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RHOS-4.0", }, { category: "default_component_of", full_product_name: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 4.0", product_id: "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RHOS-4.0", }, { category: "default_component_of", full_product_name: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 4.0", product_id: "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RHOS-4.0", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-6393", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2013-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1033990", }, ], notes: [ { category: "description", text: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing YAML tags", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\n\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \n\nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6393", }, { category: "external", summary: "RHBZ#1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6393", url: "https://www.cve.org/CVERecord?id=CVE-2013-6393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, ], release_date: "2014-01-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:48+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0354", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libyaml: heap-based buffer overflow when parsing YAML tags", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2014-2525", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2014-03-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1078083", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing URLs", title: "Vulnerability summary", }, { category: "other", text: "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-2525", }, { category: "external", summary: "RHBZ#1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-2525", url: "https://www.cve.org/CVERecord?id=CVE-2014-2525", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", }, ], release_date: "2014-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:48+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0354", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libyaml: heap-based buffer overflow when parsing URLs", }, ], }
rhsa-2014_0355
Vulnerability from csaf_redhat
Published
2014-04-02 19:50
Modified
2024-12-06 19:16
Summary
Red Hat Security Advisory: ruby193-libyaml security update
Notes
Topic
Updated ruby193-libyaml packages that fix two security issues are now
available for Red Hat Software Collections 1.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
A buffer overflow flaw was found in the way the libyaml library parsed URLs
in YAML documents. An attacker able to load specially crafted YAML input to
an application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2014-2525)
An integer overflow flaw was found in the way the libyaml library handled
excessively long YAML tags. An attacker able to load specially crafted YAML
input to application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2013-6393)
Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.
oCERT acknowledges Ivan Fratric of the Google Security Team as the original
reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the
Red Hat Product Security Team.
All ruby193-libyaml users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against the libyaml library must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated ruby193-libyaml packages that fix two security issues are now\navailable for Red Hat Software Collections 1.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nA buffer overflow flaw was found in the way the libyaml library parsed URLs\nin YAML documents. An attacker able to load specially crafted YAML input to\nan application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2014-2525)\n\nAn integer overflow flaw was found in the way the libyaml library handled\nexcessively long YAML tags. An attacker able to load specially crafted YAML\ninput to application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2013-6393)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.\noCERT acknowledges Ivan Fratric of the Google Security Team as the original\nreporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the\nRed Hat Product Security Team.\n\nAll ruby193-libyaml users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\napplications linked against the libyaml library must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0355", url: "https://access.redhat.com/errata/RHSA-2014:0355", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0355.json", }, ], title: "Red Hat Security Advisory: ruby193-libyaml security update", tracking: { current_release_date: "2024-12-06T19:16:00+00:00", generator: { date: "2024-12-06T19:16:00+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2014:0355", initial_release_date: "2014-04-02T19:50:41+00:00", revision_history: [ { date: "2014-04-02T19:50:41+00:00", number: "1", summary: "Initial version", }, { date: "2014-04-02T19:50:41+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T19:16:00+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product: { name: "Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-1.0", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:1::el6", }, }, }, { category: "product_name", name: "Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product: { name: "Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-1.0", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:1::el6", }, }, }, ], category: "product_family", name: "Red Hat Software Collections", }, { branches: [ { category: "product_version", name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml-devel@0.1.4-5.1.el6?arch=x86_64", }, }, }, { category: "product_version", name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml@0.1.4-5.1.el6?arch=x86_64", }, }, }, { category: "product_version", name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml-debuginfo@0.1.4-5.1.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product_id: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml@0.1.4-5.1.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.src as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.src", relates_to_product_reference: "6Server-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.src as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.src", relates_to_product_reference: "6Workstation-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-1.0", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-6393", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2013-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1033990", }, ], notes: [ { category: "description", text: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing YAML tags", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\n\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \n\nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6393", }, { category: "external", summary: "RHBZ#1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6393", url: "https://www.cve.org/CVERecord?id=CVE-2013-6393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, ], release_date: "2014-01-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:41+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0355", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libyaml: heap-based buffer overflow when parsing YAML tags", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2014-2525", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2014-03-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1078083", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing URLs", title: "Vulnerability summary", }, { category: "other", text: "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-2525", }, { category: "external", summary: "RHBZ#1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-2525", url: "https://www.cve.org/CVERecord?id=CVE-2014-2525", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", }, ], release_date: "2014-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:41+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0355", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libyaml: heap-based buffer overflow when parsing URLs", }, ], }
RHSA-2014:0354
Vulnerability from csaf_redhat
Published
2014-04-02 19:50
Modified
2024-12-06 19:16
Summary
Red Hat Security Advisory: libyaml security update
Notes
Topic
Updated libyaml packages that fix two security issues are now available for
Red Hat Enterprise Linux OpenStack Platform 4.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
A buffer overflow flaw was found in the way the libyaml library parsed URLs
in YAML documents. An attacker able to load specially crafted YAML input to
an application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2014-2525)
An integer overflow flaw was found in the way the libyaml library handled
excessively long YAML tags. An attacker able to load specially crafted YAML
input to application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2013-6393)
Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.
oCERT acknowledges Ivan Fratric of the Google Security Team as the original
reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the
Red Hat Product Security Team.
All libyaml users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against the libyaml library must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated libyaml packages that fix two security issues are now available for\nRed Hat Enterprise Linux OpenStack Platform 4.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nA buffer overflow flaw was found in the way the libyaml library parsed URLs\nin YAML documents. An attacker able to load specially crafted YAML input to\nan application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2014-2525)\n\nAn integer overflow flaw was found in the way the libyaml library handled\nexcessively long YAML tags. An attacker able to load specially crafted YAML\ninput to application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2013-6393)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.\noCERT acknowledges Ivan Fratric of the Google Security Team as the original\nreporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the\nRed Hat Product Security Team.\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications linked against the libyaml library must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0354", url: "https://access.redhat.com/errata/RHSA-2014:0354", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0354.json", }, ], title: "Red Hat Security Advisory: libyaml security update", tracking: { current_release_date: "2024-12-06T19:16:08+00:00", generator: { date: "2024-12-06T19:16:08+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2014:0354", initial_release_date: "2014-04-02T19:50:48+00:00", revision_history: [ { date: "2014-04-02T19:50:48+00:00", number: "1", summary: "Initial version", }, { date: "2014-04-02T19:50:48+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T19:16:08+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux OpenStack Platform 4.0", product: { name: "Red Hat Enterprise Linux OpenStack Platform 4.0", product_id: "6Server-RHOS-4.0", product_identification_helper: { cpe: "cpe:/a:redhat:openstack:4::el6", }, }, }, ], category: "product_family", name: "Red Hat OpenStack Platform", }, { branches: [ { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.src", product: { name: "libyaml-0:0.1.3-1.4.el6.src", product_id: "libyaml-0:0.1.3-1.4.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-devel@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-debuginfo@0.1.3-1.4.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.src as a component of Red Hat Enterprise Linux OpenStack Platform 4.0", product_id: "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", }, product_reference: "libyaml-0:0.1.3-1.4.el6.src", relates_to_product_reference: "6Server-RHOS-4.0", }, { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 4.0", product_id: "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RHOS-4.0", }, { category: "default_component_of", full_product_name: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 4.0", product_id: "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RHOS-4.0", }, { category: "default_component_of", full_product_name: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 4.0", product_id: "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-RHOS-4.0", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-6393", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2013-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1033990", }, ], notes: [ { category: "description", text: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing YAML tags", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\n\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \n\nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6393", }, { category: "external", summary: "RHBZ#1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6393", url: "https://www.cve.org/CVERecord?id=CVE-2013-6393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, ], release_date: "2014-01-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:48+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0354", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libyaml: heap-based buffer overflow when parsing YAML tags", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2014-2525", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2014-03-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1078083", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing URLs", title: "Vulnerability summary", }, { category: "other", text: "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-2525", }, { category: "external", summary: "RHBZ#1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-2525", url: "https://www.cve.org/CVERecord?id=CVE-2014-2525", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", }, ], release_date: "2014-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:48+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0354", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.src", "6Server-RHOS-4.0:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-RHOS-4.0:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libyaml: heap-based buffer overflow when parsing URLs", }, ], }
rhsa-2014_0353
Vulnerability from csaf_redhat
Published
2014-04-02 19:50
Modified
2024-12-06 19:16
Summary
Red Hat Security Advisory: libyaml security update
Notes
Topic
Updated libyaml packages that fix two security issues are now available for
Red Hat Enterprise Linux OpenStack Platform 3.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
A buffer overflow flaw was found in the way the libyaml library parsed URLs
in YAML documents. An attacker able to load specially crafted YAML input to
an application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2014-2525)
An integer overflow flaw was found in the way the libyaml library handled
excessively long YAML tags. An attacker able to load specially crafted YAML
input to application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2013-6393)
Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.
oCERT acknowledges Ivan Fratric of the Google Security Team as the original
reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the
Red Hat Product Security Team.
All libyaml users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against the libyaml library must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated libyaml packages that fix two security issues are now available for\nRed Hat Enterprise Linux OpenStack Platform 3.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nA buffer overflow flaw was found in the way the libyaml library parsed URLs\nin YAML documents. An attacker able to load specially crafted YAML input to\nan application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2014-2525)\n\nAn integer overflow flaw was found in the way the libyaml library handled\nexcessively long YAML tags. An attacker able to load specially crafted YAML\ninput to application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2013-6393)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.\noCERT acknowledges Ivan Fratric of the Google Security Team as the original\nreporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the\nRed Hat Product Security Team.\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications linked against the libyaml library must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0353", url: "https://access.redhat.com/errata/RHSA-2014:0353", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0353.json", }, ], title: "Red Hat Security Advisory: libyaml security update", tracking: { current_release_date: "2024-12-06T19:16:14+00:00", generator: { date: "2024-12-06T19:16:14+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2014:0353", initial_release_date: "2014-04-02T19:50:54+00:00", revision_history: [ { date: "2014-04-02T19:50:54+00:00", number: "1", summary: "Initial version", }, { date: "2014-04-02T19:50:54+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T19:16:14+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux OpenStack Platform 3.0", product: { name: "Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly", product_identification_helper: { cpe: "cpe:/a:redhat:openstack:3::el6", }, }, }, ], category: "product_family", name: "Red Hat OpenStack Platform", }, { branches: [ { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.src", product: { name: "libyaml-0:0.1.3-1.4.el6.src", product_id: "libyaml-0:0.1.3-1.4.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-devel@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-debuginfo@0.1.3-1.4.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.src as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", }, product_reference: "libyaml-0:0.1.3-1.4.el6.src", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-6393", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2013-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1033990", }, ], notes: [ { category: "description", text: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing YAML tags", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\n\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \n\nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6393", }, { category: "external", summary: "RHBZ#1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6393", url: "https://www.cve.org/CVERecord?id=CVE-2013-6393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, ], release_date: "2014-01-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:54+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0353", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libyaml: heap-based buffer overflow when parsing YAML tags", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2014-2525", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2014-03-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1078083", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing URLs", title: "Vulnerability summary", }, { category: "other", text: "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-2525", }, { category: "external", summary: "RHBZ#1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-2525", url: "https://www.cve.org/CVERecord?id=CVE-2014-2525", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", }, ], release_date: "2014-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:54+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0353", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libyaml: heap-based buffer overflow when parsing URLs", }, ], }
rhsa-2014:0355
Vulnerability from csaf_redhat
Published
2014-04-02 19:50
Modified
2024-12-06 19:16
Summary
Red Hat Security Advisory: ruby193-libyaml security update
Notes
Topic
Updated ruby193-libyaml packages that fix two security issues are now
available for Red Hat Software Collections 1.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
A buffer overflow flaw was found in the way the libyaml library parsed URLs
in YAML documents. An attacker able to load specially crafted YAML input to
an application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2014-2525)
An integer overflow flaw was found in the way the libyaml library handled
excessively long YAML tags. An attacker able to load specially crafted YAML
input to application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2013-6393)
Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.
oCERT acknowledges Ivan Fratric of the Google Security Team as the original
reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the
Red Hat Product Security Team.
All ruby193-libyaml users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against the libyaml library must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated ruby193-libyaml packages that fix two security issues are now\navailable for Red Hat Software Collections 1.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nA buffer overflow flaw was found in the way the libyaml library parsed URLs\nin YAML documents. An attacker able to load specially crafted YAML input to\nan application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2014-2525)\n\nAn integer overflow flaw was found in the way the libyaml library handled\nexcessively long YAML tags. An attacker able to load specially crafted YAML\ninput to application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2013-6393)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.\noCERT acknowledges Ivan Fratric of the Google Security Team as the original\nreporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the\nRed Hat Product Security Team.\n\nAll ruby193-libyaml users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\napplications linked against the libyaml library must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0355", url: "https://access.redhat.com/errata/RHSA-2014:0355", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0355.json", }, ], title: "Red Hat Security Advisory: ruby193-libyaml security update", tracking: { current_release_date: "2024-12-06T19:16:00+00:00", generator: { date: "2024-12-06T19:16:00+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2014:0355", initial_release_date: "2014-04-02T19:50:41+00:00", revision_history: [ { date: "2014-04-02T19:50:41+00:00", number: "1", summary: "Initial version", }, { date: "2014-04-02T19:50:41+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T19:16:00+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product: { name: "Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-1.0", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:1::el6", }, }, }, { category: "product_name", name: "Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product: { name: "Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-1.0", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:1::el6", }, }, }, ], category: "product_family", name: "Red Hat Software Collections", }, { branches: [ { category: "product_version", name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml-devel@0.1.4-5.1.el6?arch=x86_64", }, }, }, { category: "product_version", name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml@0.1.4-5.1.el6?arch=x86_64", }, }, }, { category: "product_version", name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product: { name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product_id: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml-debuginfo@0.1.4-5.1.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product_id: "ruby193-libyaml-0:0.1.4-5.1.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/ruby193-libyaml@0.1.4-5.1.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.src as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.src", relates_to_product_reference: "6Server-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.src as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.src", relates_to_product_reference: "6Workstation-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-1.0", }, { category: "default_component_of", full_product_name: { name: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64 as a component of Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", }, product_reference: "ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-1.0", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-6393", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2013-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1033990", }, ], notes: [ { category: "description", text: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing YAML tags", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\n\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \n\nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6393", }, { category: "external", summary: "RHBZ#1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6393", url: "https://www.cve.org/CVERecord?id=CVE-2013-6393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, ], release_date: "2014-01-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:41+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0355", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libyaml: heap-based buffer overflow when parsing YAML tags", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2014-2525", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2014-03-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1078083", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing URLs", title: "Vulnerability summary", }, { category: "other", text: "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-2525", }, { category: "external", summary: "RHBZ#1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-2525", url: "https://www.cve.org/CVERecord?id=CVE-2014-2525", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", }, ], release_date: "2014-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:41+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0355", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Server-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Server-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.src", "6Workstation-RHSCL-1.0:ruby193-libyaml-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-debuginfo-0:0.1.4-5.1.el6.x86_64", "6Workstation-RHSCL-1.0:ruby193-libyaml-devel-0:0.1.4-5.1.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libyaml: heap-based buffer overflow when parsing URLs", }, ], }
rhsa-2014:0353
Vulnerability from csaf_redhat
Published
2014-04-02 19:50
Modified
2024-12-06 19:16
Summary
Red Hat Security Advisory: libyaml security update
Notes
Topic
Updated libyaml packages that fix two security issues are now available for
Red Hat Enterprise Linux OpenStack Platform 3.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.
A buffer overflow flaw was found in the way the libyaml library parsed URLs
in YAML documents. An attacker able to load specially crafted YAML input to
an application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2014-2525)
An integer overflow flaw was found in the way the libyaml library handled
excessively long YAML tags. An attacker able to load specially crafted YAML
input to application using libyaml could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2013-6393)
Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.
oCERT acknowledges Ivan Fratric of the Google Security Team as the original
reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the
Red Hat Product Security Team.
All libyaml users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against the libyaml library must be restarted for this
update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated libyaml packages that fix two security issues are now available for\nRed Hat Enterprise Linux OpenStack Platform 3.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "YAML is a data serialization format designed for human readability and\ninteraction with scripting languages. LibYAML is a YAML parser and emitter\nwritten in C.\n\nA buffer overflow flaw was found in the way the libyaml library parsed URLs\nin YAML documents. An attacker able to load specially crafted YAML input to\nan application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2014-2525)\n\nAn integer overflow flaw was found in the way the libyaml library handled\nexcessively long YAML tags. An attacker able to load specially crafted YAML\ninput to application using libyaml could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2013-6393)\n\nRed Hat would like to thank oCERT for reporting the CVE-2014-2525 issue.\noCERT acknowledges Ivan Fratric of the Google Security Team as the original\nreporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the\nRed Hat Product Security Team.\n\nAll libyaml users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications linked against the libyaml library must be restarted for this\nupdate to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0353", url: "https://access.redhat.com/errata/RHSA-2014:0353", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0353.json", }, ], title: "Red Hat Security Advisory: libyaml security update", tracking: { current_release_date: "2024-12-06T19:16:14+00:00", generator: { date: "2024-12-06T19:16:14+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2014:0353", initial_release_date: "2014-04-02T19:50:54+00:00", revision_history: [ { date: "2014-04-02T19:50:54+00:00", number: "1", summary: "Initial version", }, { date: "2014-04-02T19:50:54+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T19:16:14+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux OpenStack Platform 3.0", product: { name: "Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly", product_identification_helper: { cpe: "cpe:/a:redhat:openstack:3::el6", }, }, }, ], category: "product_family", name: "Red Hat OpenStack Platform", }, { branches: [ { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.src", product: { name: "libyaml-0:0.1.3-1.4.el6.src", product_id: "libyaml-0:0.1.3-1.4.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libyaml-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-devel@0.1.3-1.4.el6?arch=x86_64", }, }, }, { category: "product_version", name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_id: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libyaml-debuginfo@0.1.3-1.4.el6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.src as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", }, product_reference: "libyaml-0:0.1.3-1.4.el6.src", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "libyaml-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, { category: "default_component_of", full_product_name: { name: "libyaml-devel-0:0.1.3-1.4.el6.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 3.0", product_id: "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", }, product_reference: "libyaml-devel-0:0.1.3-1.4.el6.x86_64", relates_to_product_reference: "6Server-Grizzly", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Florian Weimer", ], organization: "Red Hat Product Security Team", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2013-6393", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2013-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1033990", }, ], notes: [ { category: "description", text: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing YAML tags", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\n\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \n\nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\n\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-6393", }, { category: "external", summary: "RHBZ#1033990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-6393", url: "https://www.cve.org/CVERecord?id=CVE-2013-6393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, ], release_date: "2014-01-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:54+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0353", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libyaml: heap-based buffer overflow when parsing YAML tags", }, { acknowledgments: [ { names: [ "oCERT", ], }, ], cve: "CVE-2014-2525", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2014-03-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1078083", }, ], notes: [ { category: "description", text: "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.", title: "Vulnerability description", }, { category: "summary", text: "libyaml: heap-based buffer overflow when parsing URLs", title: "Vulnerability summary", }, { category: "other", text: "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-2525", }, { category: "external", summary: "RHBZ#1078083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1078083", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-2525", url: "https://www.cve.org/CVERecord?id=CVE-2014-2525", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-2525", }, ], release_date: "2014-03-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-04-02T19:50:54+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0353", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.src", "6Server-Grizzly:libyaml-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-debuginfo-0:0.1.3-1.4.el6.x86_64", "6Server-Grizzly:libyaml-devel-0:0.1.3-1.4.el6.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "libyaml: heap-based buffer overflow when parsing URLs", }, ], }
gsd-2013-6393
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
Aliases
Aliases
{ GSD: { alias: "CVE-2013-6393", description: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", id: "GSD-2013-6393", references: [ "https://www.suse.com/security/cve/CVE-2013-6393.html", "https://www.debian.org/security/2014/dsa-2870", "https://www.debian.org/security/2014/dsa-2850", "https://access.redhat.com/errata/RHSA-2014:0415", "https://access.redhat.com/errata/RHSA-2014:0364", "https://access.redhat.com/errata/RHSA-2014:0355", "https://access.redhat.com/errata/RHSA-2014:0354", "https://access.redhat.com/errata/RHSA-2014:0353", "https://advisories.mageia.org/CVE-2013-6393.html", "https://alas.aws.amazon.com/cve/html/CVE-2013-6393.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2013-6393", ], details: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", id: "GSD-2013-6393", modified: "2023-12-13T01:22:19.391611Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-6393", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "openSUSE-SU-2014:0273", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html", }, { name: "DSA-2870", refsource: "DEBIAN", url: "http://www.debian.org/security/2014/dsa-2870", }, { name: "APPLE-SA-2014-10-16-3", refsource: "APPLE", url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { name: "APPLE-SA-2014-04-22-1", refsource: "APPLE", url: "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html", }, { name: "102716", refsource: "OSVDB", url: "http://osvdb.org/102716", }, { name: "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff", refsource: "MISC", url: "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff", }, { name: "MDVSA-2015:060", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060", }, { name: "65258", refsource: "BID", url: "http://www.securityfocus.com/bid/65258", }, { name: "http://advisories.mageia.org/MGASA-2014-0040.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2014-0040.html", }, { name: "openSUSE-SU-2015:0319", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html", }, { name: "RHSA-2014:0355", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0355.html", }, { name: "openSUSE-SU-2014:0272", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html", }, { name: "RHSA-2014:0354", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0354.html", }, { name: "https://support.apple.com/kb/HT6536", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT6536", }, { name: "openSUSE-SU-2016:1067", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html", }, { name: "DSA-2850", refsource: "DEBIAN", url: "http://www.debian.org/security/2014/dsa-2850", }, { name: "RHSA-2014:0353", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0353.html", }, { name: "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5", refsource: "CONFIRM", url: "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5", }, { name: "https://puppet.com/security/cve/cve-2013-6393", refsource: "CONFIRM", url: "https://puppet.com/security/cve/cve-2013-6393", }, { name: "USN-2098-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2098-1", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "<0.2.3", affected_versions: "All versions before 0.2.3", cvss_v2: "AV:N/AC:M/Au:N/C:P/I:P/A:P", cwe_ids: [ "CWE-1035", "CWE-119", "CWE-937", ], date: "2018-10-30", description: "LibYAML, the library that libyaml provides bindings for is vulnerable to a heap-based buffer overflow when parsing YAML tags.", fixed_versions: [ "0.2.3", ], identifier: "CVE-2013-6393", identifiers: [ "CVE-2013-6393", ], package_slug: "npm/libyaml", pubdate: "2014-02-06", solution: "Update to version 0.2.3 that includes a version of LibYAML that contains a fix for this issue.", title: "eap-based buffer overflow when parsing YAML tags", urls: [ "https://bitbucket.org/xi/libyaml/pull-request/1/fix-cve-2013-6393/diff", ], uuid: "af3e4df1-553f-48ea-868c-a3a665f30244", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "0.1.4", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-6393", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "102716", refsource: "OSVDB", tags: [], url: "http://osvdb.org/102716", }, { name: "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff", refsource: "MISC", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff", }, { name: "65258", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/65258", }, { name: "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5", refsource: "CONFIRM", tags: [ "Issue Tracking", ], url: "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", refsource: "CONFIRM", tags: [ "Patch", "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { name: "USN-2098-1", refsource: "UBUNTU", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2098-1", }, { name: "DSA-2850", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-2850", }, { name: "openSUSE-SU-2014:0272", refsource: "SUSE", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html", }, { name: "openSUSE-SU-2014:0273", refsource: "SUSE", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html", }, { name: "DSA-2870", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-2870", }, { name: "RHSA-2014:0353", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0353.html", }, { name: "RHSA-2014:0355", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0355.html", }, { name: "RHSA-2014:0354", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0354.html", }, { name: "APPLE-SA-2014-04-22-1", refsource: "APPLE", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html", }, { name: "APPLE-SA-2014-10-16-3", refsource: "APPLE", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html", }, { name: "https://support.apple.com/kb/HT6536", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT6536", }, { name: "openSUSE-SU-2015:0319", refsource: "SUSE", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html", }, { name: "http://advisories.mageia.org/MGASA-2014-0040.html", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2014-0040.html", }, { name: "MDVSA-2015:060", refsource: "MANDRIVA", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060", }, { name: "openSUSE-SU-2016:1067", refsource: "SUSE", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html", }, { name: "https://puppet.com/security/cve/cve-2013-6393", refsource: "CONFIRM", tags: [], url: "https://puppet.com/security/cve/cve-2013-6393", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, }, lastModifiedDate: "2018-10-30T16:27Z", publishedDate: "2014-02-06T22:55Z", }, }, }
fkie_cve-2013-6393
Vulnerability from fkie_nvd
Published
2014-02-06 22:55
Modified
2024-11-21 01:59
Severity ?
Summary
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pyyaml | libyaml | * | |
| pyyaml | libyaml | 0.0.1 | |
| pyyaml | libyaml | 0.1.1 | |
| pyyaml | libyaml | 0.1.2 | |
| pyyaml | libyaml | 0.1.3 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 | |
| canonical | ubuntu_linux | 13.10 | |
| redhat | openstack | 3.0 | |
| redhat | openstack | 4.0 | |
| debian | debian_linux | 6.0 | |
| debian | debian_linux | 7.0 | |
| opensuse | leap | 42.1 | |
| opensuse | opensuse | 11.4 | |
| opensuse | opensuse | 13.1 | |
| opensuse | opensuse | 13.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:*", matchCriteriaId: "64CF0E49-704A-4190-9BA8-6332F1B12430", versionEndIncluding: "0.1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7F454F77-1AB1-44CF-8E1F-47BD71966CB8", vulnerable: true, }, { criteria: "cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "2F2A3FC6-ADD6-4890-A91E-7B42138CB1B4", vulnerable: true, }, { criteria: "cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A7892D90-243C-4588-92D0-F49B3443B3DB", vulnerable: true, }, { criteria: "cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9759A8FD-7010-4D10-9E26-A03FDDDA187B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", matchCriteriaId: "7F61F047-129C-41A6-8A27-FFCBB8563E91", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*", matchCriteriaId: "6533B15B-F748-4A5D-AB86-31D38DFAE60F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", matchCriteriaId: "1802FDB8-C919-4D5E-A8AD-4C5B72525090", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "036E8A89-7A16-411F-9D31-676313BB7244", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", matchCriteriaId: "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", matchCriteriaId: "DE554781-1EB9-446E-911F-6C11970C47F4", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.", }, { lang: "es", value: "La función yaml_parser_scan_tag_uri en scanner.c en LibYAML anterior a 0.1.5 lleva a cabo un \"cast\" incorrecto, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) y probablemente ejecutar código arbitrario a través de etiquetas manipuladas en YAML.", }, ], id: "CVE-2013-6393", lastModified: "2024-11-21T01:59:08.313", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-02-06T22:55:03.217", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2014-0040.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html", }, { source: "secalert@redhat.com", url: "http://osvdb.org/102716", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0353.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0354.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0355.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-2850", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-2870", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/65258", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2098-1", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { source: "secalert@redhat.com", url: "https://puppet.com/security/cve/cve-2013-6393", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT6536", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2014-0040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/102716", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0353.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0354.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0355.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-2850", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-2870", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/65258", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2098-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://puppet.com/security/cve/cve-2013-6393", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT6536", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-m75h-cghq-c8h5
Vulnerability from github
Published
2020-08-31 22:51
Modified
2021-09-23 20:56
Summary
Heap Based Buffer Overflow in libyaml
Details
Versions 0.2.2 and earlier depend on native libyaml version 0.1.5 or earlier. As such, they are affected by a heap-based buffer overflow vulnerability that may result in a crash or arbitrary code execution when parsing YAML tags.
Recommendation
- Update to version 0.2.3 that includes a version of LibYAML that contains a fix for this issue.
{ affected: [ { package: { ecosystem: "npm", name: "libyaml", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "0.2.3", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2013-6393", ], database_specific: { cwe_ids: [ "CWE-119", ], github_reviewed: true, github_reviewed_at: "2020-08-31T18:08:07Z", nvd_published_at: null, severity: "CRITICAL", }, details: "Versions 0.2.2 and earlier depend on native libyaml version 0.1.5 or earlier. As such, they are affected by a heap-based buffer overflow vulnerability that may result in a crash or arbitrary code execution when parsing YAML tags.\n\n\n\n\n\n## Recommendation\n\n- Update to version 0.2.3 that includes a version of LibYAML that contains a fix for this issue.", id: "GHSA-m75h-cghq-c8h5", modified: "2021-09-23T20:56:01Z", published: "2020-08-31T22:51:50Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-6393", }, { type: "PACKAGE", url: "https://bitbucket.org/xi/libyaml", }, { type: "WEB", url: "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048", }, { type: "WEB", url: "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5", }, { type: "WEB", url: "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", }, { type: "WEB", url: "https://puppet.com/security/cve/cve-2013-6393", }, { type: "WEB", url: "https://support.apple.com/kb/HT6536", }, { type: "WEB", url: "https://web.archive.org/web/20140302205713/http://www.securityfocus.com/bid/65258", }, { type: "WEB", url: "https://web.archive.org/web/20150523055002/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:060/?name=MDVSA-2015:060", }, { type: "WEB", url: "https://www.npmjs.com/advisories/21", }, { type: "WEB", url: "http://advisories.mageia.org/MGASA-2014-0040.html", }, { type: "WEB", url: "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html", }, { type: "WEB", url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html", }, { type: "WEB", url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6393", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2014-0353.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2014-0354.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2014-0355.html", }, { type: "WEB", url: "http://www.debian.org/security/2014/dsa-2850", }, { type: "WEB", url: "http://www.debian.org/security/2014/dsa-2870", }, { type: "WEB", url: "http://www.ubuntu.com/usn/USN-2098-1", }, ], schema_version: "1.4.0", severity: [], summary: "Heap Based Buffer Overflow in libyaml", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.