Amazon Linux 1 Security Advisory: ALAS-2012-69
Advisory Release Date: 2012-04-30 14:53 Pacific
Advisory Updated Date: 2014-09-14 15:59 Pacific
Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.
Affected Packages:
perl-YAML-LibYAML
Issue Correction:
Run yum update perl-YAML-LibYAML to update your system.
i686:
perl-YAML-LibYAML-debuginfo-0.38-2.2.amzn1.i686
perl-YAML-LibYAML-0.38-2.2.amzn1.i686
src:
perl-YAML-LibYAML-0.38-2.2.amzn1.src
x86_64:
perl-YAML-LibYAML-debuginfo-0.38-2.2.amzn1.x86_64
perl-YAML-LibYAML-0.38-2.2.amzn1.x86_64