ALAS-2012-069


Amazon Linux AMI Security Advisory: ALAS-2012-69
Advisory Release Date: 2014-09-14 15:59 Pacific
Severity: Low
References: CVE-2012-1152 

Issue Overview:

Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.


Affected Packages:

perl-YAML-LibYAML


Issue Correction:
Run yum update perl-YAML-LibYAML to update your system.

New Packages:
i686:
    perl-YAML-LibYAML-debuginfo-0.38-2.2.amzn1.i686
    perl-YAML-LibYAML-0.38-2.2.amzn1.i686

src:
    perl-YAML-LibYAML-0.38-2.2.amzn1.src

x86_64:
    perl-YAML-LibYAML-debuginfo-0.38-2.2.amzn1.x86_64
    perl-YAML-LibYAML-0.38-2.2.amzn1.x86_64