{"id":"MGASA-2014-0508","summary":"Updated yaml & perl-YAML-LibYAML packages fix CVE-2014-9130","details":"Updated yaml and perl-YAML-LibYAML packages fix security vulnerability:\n\nAn assertion failure was found in the way the libyaml library parsed wrapped\nstrings. An attacker able to load specially crafted YAML input into an\napplication using libyaml could cause the application to crash\n(CVE-2014-9130).\n\nThe perl-YAML-LibYAML package is also affected, as it was derived from the\nsame code.  Both have been patched to fix this issue.\n","modified":"2026-01-31T19:01:03.377050Z","published":"2014-12-05T15:54:13Z","related":["CVE-2014-9130"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0508.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14689"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1169369"}],"affected":[{"package":{"name":"yaml","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/yaml?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.1.6-1.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0508.json"}},{"package":{"name":"perl-YAML-LibYAML","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/perl-YAML-LibYAML?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.410.0-2.3.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0508.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}