ALAS-2014-291


Amazon Linux AMI Security Advisory: ALAS-2014-291
Advisory Release Date: 2014-09-16 22:32 Pacific
Severity: Important
References: CVE-2013-6393 

Issue Overview:

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.


Affected Packages:

libyaml


Issue Correction:
Run yum update libyaml to update your system.

New Packages:
i686:
    libyaml-devel-0.1.4-6.5.amzn1.i686
    libyaml-debuginfo-0.1.4-6.5.amzn1.i686
    libyaml-0.1.4-6.5.amzn1.i686

src:
    libyaml-0.1.4-6.5.amzn1.src

x86_64:
    libyaml-debuginfo-0.1.4-6.5.amzn1.x86_64
    libyaml-0.1.4-6.5.amzn1.x86_64
    libyaml-devel-0.1.4-6.5.amzn1.x86_64
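
Verifying the update: the fixed packages above keep upstream version 0.1.4 while the CVE text reads "before 0.1.5", so a patch check has to compare the RPM release as well as the version. The following is an added example, not part of Amazon's advisory: a simplified RPM-style comparison (no epoch or tilde handling) run over constructed `rpm -q` output lines. The function names and sample lines are assumptions.

```python
import re

# Fixed build, copied from the advisory's "New Packages" list.
FIXED_VERSION, FIXED_RELEASE = "0.1.4", "6.5.amzn1"

def rpmvercmp(a, b):
    """Compare two RPM version or release strings; returns -1, 0 or 1.
    Simplified: digit and letter runs only, no tilde/caret handling."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric run beats alphabetic run
        if x.isdigit():
            x, y = int(x), int(y)             # 10 > 5, unlike string comparison
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def parse_nvr(nvr):
    """Split 'libyaml-0.1.4-6.5.amzn1.x86_64' into (name, version, release)."""
    nvr = re.sub(r"\.(i686|x86_64|src|noarch)$", "", nvr)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def is_fixed(nvr):
    """True if the build is at or beyond the advisory's fixed build.
    Assumes no epoch, as in the package names the advisory lists."""
    _, version, release = parse_nvr(nvr)
    order = rpmvercmp(version, FIXED_VERSION)
    if order == 0:
        order = rpmvercmp(release, FIXED_RELEASE)
    return order >= 0

# Constructed inventory lines, in the form printed by `rpm -q libyaml`.
SAMPLE = [
    "libyaml-0.1.4-6.4.amzn1.x86_64",       # constructed older build
    "libyaml-0.1.4-6.5.amzn1.x86_64",       # fixed build from the advisory
    "libyaml-devel-0.1.4-6.10.amzn1.i686",  # constructed later build
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "OK" if is_fixed(line) else "NEEDS UPDATE")
```

A scanner that compares only the upstream version against 0.1.5 would report the fixed 0.1.4-6.5.amzn1 build as vulnerable.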