Ubuntu Local Security Checks : Ubuntu Update for libyaml USN-2461-1

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.842052

Categoría: Ubuntu Local Security Checks

Título: Ubuntu Update for libyaml USN-2461-1

Resumen: The remote host is missing an update for the 'libyaml'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'libyaml'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Stanisł aw Pitucha and Jonathan Gray
discovered that LibYAML did not properly handle wrapped strings. An attacker could
create specially crafted YAML data to trigger an assert, causing a denial of service.

Affected Software/OS:
libyaml on Ubuntu 14.10,
Ubuntu 14.04 LTS,
Ubuntu 12.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-9130
BugTraq ID: 71349
http://www.securityfocus.com/bid/71349
Debian Security Information: DSA-3102 (Google Search)
http://www.debian.org/security/2014/dsa-3102
Debian Security Information: DSA-3103 (Google Search)
http://www.debian.org/security/2014/dsa-3103
Debian Security Information: DSA-3115 (Google Search)
http://www.debian.org/security/2014/dsa-3115
http://www.mandriva.com/security/advisories?name=MDVSA-2014:242
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
http://www.openwall.com/lists/oss-security/2014/11/28/8
http://www.openwall.com/lists/oss-security/2014/11/28/1
http://www.openwall.com/lists/oss-security/2014/11/29/3
RedHat Security Advisories: RHSA-2015:0100
http://rhn.redhat.com/errata/RHSA-2015-0100.html
RedHat Security Advisories: RHSA-2015:0112
http://rhn.redhat.com/errata/RHSA-2015-0112.html
RedHat Security Advisories: RHSA-2015:0260
http://rhn.redhat.com/errata/RHSA-2015-0260.html
http://secunia.com/advisories/59947
http://secunia.com/advisories/60944
http://secunia.com/advisories/62164
http://secunia.com/advisories/62174
http://secunia.com/advisories/62176
http://secunia.com/advisories/62705
http://secunia.com/advisories/62723
http://secunia.com/advisories/62774
SuSE Security Announcement: openSUSE-SU-2015:0319 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
SuSE Security Announcement: openSUSE-SU-2016:1067 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
http://www.ubuntu.com/usn/USN-2461-1
http://www.ubuntu.com/usn/USN-2461-2
http://www.ubuntu.com/usn/USN-2461-3
XForce ISS Database: libyaml-cve20149130-dos(99047)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99047

Copyright Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.842052
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for libyaml USN-2461-1
Resumen:	The remote host is missing an update for the 'libyaml'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'libyaml' package(s) announced via the referenced advisory. Vulnerability Insight: Stanisł aw Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service. Affected Software/OS: libyaml on Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9130 BugTraq ID: 71349 http://www.securityfocus.com/bid/71349 Debian Security Information: DSA-3102 (Google Search) http://www.debian.org/security/2014/dsa-3102 Debian Security Information: DSA-3103 (Google Search) http://www.debian.org/security/2014/dsa-3103 Debian Security Information: DSA-3115 (Google Search) http://www.debian.org/security/2014/dsa-3115 http://www.mandriva.com/security/advisories?name=MDVSA-2014:242 http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure http://www.openwall.com/lists/oss-security/2014/11/28/8 http://www.openwall.com/lists/oss-security/2014/11/28/1 http://www.openwall.com/lists/oss-security/2014/11/29/3 RedHat Security Advisories: RHSA-2015:0100 http://rhn.redhat.com/errata/RHSA-2015-0100.html RedHat Security Advisories: RHSA-2015:0112 http://rhn.redhat.com/errata/RHSA-2015-0112.html RedHat Security Advisories: RHSA-2015:0260 http://rhn.redhat.com/errata/RHSA-2015-0260.html http://secunia.com/advisories/59947 http://secunia.com/advisories/60944 http://secunia.com/advisories/62164 http://secunia.com/advisories/62174 http://secunia.com/advisories/62176 http://secunia.com/advisories/62705 http://secunia.com/advisories/62723 http://secunia.com/advisories/62774 SuSE Security Announcement: openSUSE-SU-2015:0319 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html SuSE Security Announcement: openSUSE-SU-2016:1067 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html http://www.ubuntu.com/usn/USN-2461-1 http://www.ubuntu.com/usn/USN-2461-2 http://www.ubuntu.com/usn/USN-2461-3 XForce ISS Database: libyaml-cve20149130-dos(99047) https://exchange.xforce.ibmcloud.com/vulnerabilities/99047
Copyright	Copyright (C) 2015 Greenbone Networks GmbH