Updated libyaml packages that fix one security issue are now available forRed Hat Software Collections 1.Red Hat Product Security has rated this update as having Moderate securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.

YAML is a data serialization format designed for human readability andinteraction with scripting languages. LibYAML is a YAML parser and emitterwritten in C.An assertion failure was found in the way the libyaml library parsedwrapped strings. An attacker able to load specially crafted YAML input intoan application using libyaml could cause the application to crash.(CVE-2014-9130)All libyaml users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. All running applicationslinked against the libyaml library must be restarted for this update totake effect.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.This update is available via the Red Hat Network. Details on how to use theRed Hat Network to apply this update are available athttps://access.redhat.com/articles/11258Red Hat Software Collections 1 for RHEL 6

    MD5: 7004d66176a2126743c32429901af151SHA-256: 2867c07efe1814e6db99f744391975011cab931fb80ef32c53eb07fbe2500e75
    MD5: 56da81f5af86abfd352848b9907425d3SHA-256: 65aaf316957111dc99efb69ac436e720925c1aac6486c4727f0d82c73958931c
    MD5: a325036353d964ba7938835444acfa93SHA-256: a1c7a699e27b531a1ca095e02446ddfbe138989cc5ba8a4cbad7210d5a6be5e0
    MD5: a5df47f944b1eac9adbbf626fac900dbSHA-256: 7e346c3b0a8c77527c6e7597f72d77e8afb01295f36cc1147ffb270eedda45ad
    MD5: b09483ce8f38f4d0e9b31053bcfcb964SHA-256: 364c9db032fb9ffd6c3858a939abb568e573507bf6e79b3fe5fe82cd1d4965c2
    MD5: 02b2161cc4095fdb0254b24ca3952f71SHA-256: a140316cde7e6eae49fcdaa88d42c0211b4daa86d5028361ba72c855254afa6a
    MD5: 18600d4cc1467fa1ade5a42c61c201c4SHA-256: 186138326c4b3f109def472a9699009189b56bae60621564e1281940c373d9d5
(The unlinked packages above are only available from the Red Hat Network)
1169369 – CVE-2014-9130 libyaml: assert failure when processing wrapped strings

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply