1. Ubuntu Security Notices
  2. USN-2098-2

USN-2098-2: LibYAML regression

Publication date

13 February 2014

Overview

USN-2098-1 introduced a regression in LibYAML.

Releases

Packages

  • libyaml - Fast YAML 1.1 parser and emitter library

Details

USN-2098-1 fixed a vulnerability in LibYAML. The security fix used
introduced a regression that caused parsing failures for certain valid YAML
files. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Florian Weimer discovered that LibYAML incorrectly handled certain large
yaml documents. An attacker could use this issue to cause LibYAML to crash,
resulting in a denial of service, or possibly execute arbitrary code.

USN-2098-1 fixed a vulnerability in LibYAML. The security fix used
introduced a regression that caused parsing failures for certain valid YAML
files. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Florian Weimer discovered that LibYAML incorrectly handled certain large
yaml documents. An attacker could use this issue to cause LibYAML to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

After a standard system update you need to restart applications using LibYAML to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
13.10 saucy libyaml-0-2 –  0.1.4-2ubuntu0.13.10.2
12.10 quantal libyaml-0-2 –  0.1.4-2ubuntu0.12.10.2
12.04 precise libyaml-0-2 –  0.1.4-2ubuntu0.12.04.2

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›