Bug 1078083 (CVE-2014-2525)
| Field | Value |
|---|---|
| Summary | CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs |
| Product | [Other] Security Response |
| Reporter | Murray McAllister <mmcallis> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| QA Contact | |
| Severity | high |
| Docs Contact | |
| Priority | high |
| Version | unspecified |
| CC | abaron, akarol, apevec, athomas, ayoung, bdunne, bhu, bkearney, bleanhar, cbillett, ccoleman, chrisw, cpelland, cperry, dajohnso, dmcphers, dmetzger, drieden, eglynn, ehelms, ggainey, gkotton, gmccullo, gmollett, gtanzill, iboverma, jeckersb, jfrey, jhardy, jialiu, jjoyce, jkurik, jmatthew, jplesnik, jrafanie, jross, jschluet, juwatts, katello-bugs, lars, lhh, lmeyer, lsvaty, markmc, matt, mburns, mcressma, mgarciac, mhulan, mmaslano, mmccune, mmcgrath, mrg-program-list, nmoumoul, nobody+bgollahe, obarenbo, paul, pcreech, perl-devel, pgrist, rbryant, rchan, rhos-maint, roliveri, sclewis, security-response-team, simaishi, smallamp, srevivo, tdawson, tomckay, tremble, tsanders, williams, xlecauch |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | libyaml 0.1.6 |
| Doc Type | Bug Fix |
| Doc Text | A heap-based buffer overflow exists in the libyaml package. An attacker who supplies a specially crafted YAML document that is parsed by an application using libyaml could cause remote code execution, leading to complete compromise of the system. |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | 2019-06-08 02:32:07 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | 1079283, 1079299, 1079306, 1079307, 1079308, 1079404, 1081281, 1081382, 1081383, 1081856, 1083710, 1083711, 1159403, 1159404, 1160976, 1161460, 1165358 |
| Bug Blocks | 1078094 |
| Attachments | 876237: patch from upstream |
Description
Murray McAllister
2014-03-19 07:00:22 UTC
Created attachment 876237: patch from upstream
libyaml is shipped as part of Red Hat Software Collections 1 via the ruby193-libyaml package. This package is used by ruby193-ruby. Impact for this use case is limited, as the ruby YAML module is unsafe for use on untrusted yaml input: http://ruby-doc.org/stdlib-1.9.3/libdoc/yaml/rdoc/YAML.html#module-YAML-label-Security

Alternative SafeYAML modules, which provide safe ways to load yaml input files in ruby, are not provided as part of Red Hat Software Collections 1. https://github.com/dtao/safe_yaml

This issue is public now: http://www.ocert.org/advisories/ocert-2014-003.html

Created libyaml tracking bugs for this issue:

Affects: fedora-all [bug 1081281]

Debian released http://www.debian.org/security/2014/dsa-2885 to fix this issue in their libyaml-libyaml-perl package.

perl-YAML-LibYAML for Fedora and EPEL look to embed libyaml too, and it seems to get built (http://kojipkgs.fedoraproject.org//packages/perl-YAML-LibYAML/0.41/3.fc20/data/logs/x86_64/build.log), but I have not checked if it actually uses the embedded copy or not. I am going to file tracking bugs regardless.

Created perl-YAML-LibYAML tracking bugs for this issue:

Affects: fedora-all [bug 1081382]
Affects: epel-6 [bug 1081383]

John Eckersberg (comment #22):
Can you please create a tracking bug for epel-all as well?

Created libyaml tracking bugs for this issue:

Affects: epel-all [bug 1081856]

(In reply to John Eckersberg from comment #22)
> Can you please create a tracking bug for epel-all as well?

Done. Sorry about that!
This issue has been addressed in following products: Red Hat Software Collections for RHEL-6. Via RHSA-2014:0355 https://rhn.redhat.com/errata/RHSA-2014-0355.html

This issue has been addressed in following products: OpenStack 4 for RHEL 6. Via RHSA-2014:0354 https://rhn.redhat.com/errata/RHSA-2014-0354.html

This issue has been addressed in following products: OpenStack 3 for RHEL 6. Via RHSA-2014:0353 https://rhn.redhat.com/errata/RHSA-2014-0353.html

This issue has been addressed in following products: OpenStack 3 for RHEL 6. Via RHSA-2014:0364 https://rhn.redhat.com/errata/RHSA-2014-0364.html

libyaml-0.1.6-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

libyaml-0.1.6-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.

perl-YAML-LibYAML-0.41-4.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

perl-YAML-LibYAML-0.41-4.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.

perl-YAML-LibYAML-0.38-4.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

libyaml-0.1.6-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

libyaml-0.1.2-7.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in following products: Red Hat Common for RHEL 6. Via RHSA-2014:0415 https://rhn.redhat.com/errata/RHSA-2014-0415.html
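The reporter's comment above notes that Ruby's stock YAML loader is unsafe on untrusted input regardless of the libyaml overflow, because a tagged document can instantiate arbitrary Ruby objects. The snippet below is an added illustration of the safe-loading alternative, written for this page rather than taken from the bug report, upstream libyaml, or the safe_yaml project it links; it assumes a Ruby with Psych 3.1 or later (Ruby 2.6+), where YAML.safe_load accepts the permitted_classes and aliases keywords. The two YAML documents are constructed sample input.

```ruby
require 'yaml'

# Constructed sample inputs (not from the bug report): a plain data document,
# one carrying a Ruby object tag, and one using an anchor/alias.
PLAIN_DOC  = "name: example\nports: [80, 443]\n"
TAGGED_DOC = "--- !ruby/object:OpenStruct\ntable:\n  key: value\n"
ALIAS_DOC  = "a: &shared [1, 2]\nb: *shared\n"

# Parse untrusted YAML into plain Ruby data only.
# safe_load with an empty permitted_classes list rejects every tagged object,
# and aliases: false rejects anchor reuse (which can also be abused for
# memory amplification). Errors are mapped to a category rather than raised
# so a caller can log and move on.
def load_untrusted(text)
  YAML.safe_load(text, permitted_classes: [], aliases: false)
rescue Psych::DisallowedClass
  { error: :disallowed_class }
rescue Psych::BadAlias            # Psych 4 raises the AliasesNotEnabled subclass
  { error: :alias_rejected }
end

if __FILE__ == $0
  [PLAIN_DOC, TAGGED_DOC, ALIAS_DOC].each do |doc|
    puts load_untrusted(doc).inspect
  end
end
```

Only the plain document yields data; the tagged and aliased documents come back as categorised rejections instead of instantiated objects. This addresses the deserialisation risk the comment describes; it does not substitute for updating libyaml itself, which is what the errata listed above do.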