Security Advisories (4)
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
- http://www.openwall.com/lists/oss-security/2014/11/29/3
- http://www.openwall.com/lists/oss-security/2014/11/28/8
- https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
- http://www.securityfocus.com/bid/71349
- http://secunia.com/advisories/59947
- https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
- http://secunia.com/advisories/60944
- http://www.openwall.com/lists/oss-security/2014/11/28/1
- http://linux.oracle.com/errata/ELSA-2015-0100.html
- http://secunia.com/advisories/62723
- http://secunia.com/advisories/62705
- http://secunia.com/advisories/62774
- http://www.ubuntu.com/usn/USN-2461-2
- http://www.ubuntu.com/usn/USN-2461-3
- http://www.ubuntu.com/usn/USN-2461-1
- http://rhn.redhat.com/errata/RHSA-2015-0100.html
- http://www.debian.org/security/2014/dsa-3103
- http://rhn.redhat.com/errata/RHSA-2015-0112.html
- http://www.debian.org/security/2014/dsa-3102
- http://www.debian.org/security/2014/dsa-3115
- http://rhn.redhat.com/errata/RHSA-2015-0260.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:242
- http://advisories.mageia.org/MGASA-2014-0508.html
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
- http://secunia.com/advisories/62176
- http://secunia.com/advisories/62174
- http://secunia.com/advisories/62164
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99047
- https://puppet.com/security/cve/cve-2014-9130
Need SafeLoad and SafeDump analog to python
Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.
- https://bugzilla.redhat.com/show_bug.cgi?id=801738
- https://rt.cpan.org/Public/Bug/Display.html?id=46507
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077023.html
- http://www.openwall.com/lists/oss-security/2012/03/10/4
- http://www.openwall.com/lists/oss-security/2012/03/09/6
- http://www.debian.org/security/2012/dsa-2432
- http://www.securityfocus.com/bid/52381
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077782.html
- https://rt.cpan.org/Public/Bug/Display.html?id=75365
- http://secunia.com/advisories/48317
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077004.html
- http://lists.opensuse.org/opensuse-updates/2012-08/msg00029.html
- http://secunia.com/advisories/50277
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73856
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified
NAME
YAML::LibYAML - Perl YAML Serialization using XS and libyaml
NOTE
YAML-LibYAML is the CPAN distribution name for the YAML::XS module.
See the YAML::XS documentation instead.
AUTHOR
Ingy döt Net <ingy@cpan.org>
COPYRIGHT
Copyright 2007-2014. Ingy döt Net.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
Module Install Instructions
To install YAML::LibYAML, copy and paste the appropriate command in to your terminal.
cpanm YAML::LibYAMLperl -MCPAN -e shell
install YAML::LibYAMLFor more information on module installation, please visit the detailed CPAN module installation guide.