Bug 801738 (CVE-2012-1152)

Summary: CVE-2012-1152 perl-YAML-LibYAML: Multiple format string flaws by reporting errors during YAML document load
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: mmaslano, perl-devel, tremble
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,public=20120227,reported=20120309,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,epel-6/perl-YAML-LibYAML=affected,fedora-all/perl-YAML-LibYAML=affected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-07-25 13:19:28 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On: 836924    
Bug Blocks: 801749    

Description Jan Lieskovsky 2012-03-09 05:24:03 EST
Multiple format string flaws were found in the way perl-YAML-LibYAML, Perl YAML serialization using XS and libyaml, performed:
1) error reporting by loading of general YAML stream,
2) error reporting by loading of YAML node,
3) error reporting by loading of YAML mapping into a Perl hash, and
4) error reporting by loading of YAML sequence into a Perl array.

A remote attacker could provide a specially-crafted YAML document, which once processed by the perl-YAML-LibYAML interface would lead to perl-YAML-LibYAML based process crash.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548

CPAN tickets:
[2] https://rt.cpan.org/Public/Bug/Display.html?id=75365
[3] https://rt.cpan.org/Public/Bug/Display.html?id=46507

Proposed patch:
[4] https://rt.cpan.org/Ticket/Attachment/920541/477607/YAML-LibYAML-0.35-format-error.patch
Comment 1 Jan Lieskovsky 2012-03-09 05:27:41 EST
This issue affects the version perl-YAML-LibYAML package, as shipped with Fedora EPEL 6.

--

This issue affects the versions of the perl-YAML-LibYAML package, as shipped with Fedora release of 15 and 16.
Comment 2 Jan Lieskovsky 2012-03-09 06:12:12 EST
CVE Request:
[5] http://www.openwall.com/lists/oss-security/2012/03/09/6
Comment 3 Kurt Seifried 2012-03-10 01:11:25 EST
Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/10/4
Comment 4 Fedora Update System 2012-04-07 23:28:04 EDT
perl-YAML-LibYAML-0.38-2.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2012-04-07 23:30:50 EDT
perl-YAML-LibYAML-0.38-2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2012-04-11 23:07:03 EDT
perl-YAML-LibYAML-0.38-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Huzaifa S. Sidhpurwala 2012-07-02 03:54:45 EDT
Created perl-YAML-LibYAML tracking bugs for this issue

Affects: epel-6 [bug 836924]
Comment 8 Fedora Update System 2012-07-20 20:22:08 EDT
perl-YAML-LibYAML-0.38-3.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.