Bug 801738 (CVE-2012-1152)

Summary: CVE-2012-1152 perl-YAML-LibYAML: Multiple format string flaws by reporting errors during YAML document load
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: mmaslano, perl-devel, tremble
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-07-25 17:19:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 836924    
Bug Blocks: 801749    

Description Jan Lieskovsky 2012-03-09 10:24:03 UTC 
Multiple format string flaws were found in the way perl-YAML-LibYAML, Perl YAML serialization using XS and libyaml, performed:
1) error reporting by loading of general YAML stream,
2) error reporting by loading of YAML node,
3) error reporting by loading of YAML mapping into a Perl hash, and
4) error reporting by loading of YAML sequence into a Perl array.

A remote attacker could provide a specially-crafted YAML document, which once processed by the perl-YAML-LibYAML interface would lead to perl-YAML-LibYAML based process crash.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548

CPAN tickets:
[2] https://rt.cpan.org/Public/Bug/Display.html?id=75365
[3] https://rt.cpan.org/Public/Bug/Display.html?id=46507

Proposed patch:
[4] https://rt.cpan.org/Ticket/Attachment/920541/477607/YAML-LibYAML-0.35-format-error.patch
Comment 1 Jan Lieskovsky 2012-03-09 10:27:41 UTC 
This issue affects the version perl-YAML-LibYAML package, as shipped with Fedora EPEL 6.

--

This issue affects the versions of the perl-YAML-LibYAML package, as shipped with Fedora release of 15 and 16.
Comment 2 Jan Lieskovsky 2012-03-09 11:12:12 UTC 
CVE Request:
[5] http://www.openwall.com/lists/oss-security/2012/03/09/6
Comment 3 Kurt Seifried 2012-03-10 06:11:25 UTC 
Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/10/4
Comment 4 Fedora Update System 2012-04-08 03:28:04 UTC 
perl-YAML-LibYAML-0.38-2.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2012-04-08 03:30:50 UTC 
perl-YAML-LibYAML-0.38-2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2012-04-12 03:07:03 UTC 
perl-YAML-LibYAML-0.38-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Huzaifa S. Sidhpurwala 2012-07-02 07:54:45 UTC 
Created perl-YAML-LibYAML tracking bugs for this issue

Affects: epel-6 [bug 836924]
Comment 8 Fedora Update System 2012-07-21 00:22:08 UTC 
perl-YAML-LibYAML-0.38-3.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.