https://bugzilla.redhat.com/show_bug.cgi?id=1169369
Bug ID: 1169369 Summary: CVE-2014-9130 libyaml: assert failure when processing wrapped strings Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: mprpic@redhat.com CC: abaron@redhat.com, aortega@redhat.com, apatters@redhat.com, apevec@redhat.com, ayoung@redhat.com, bhu@redhat.com, bkearney@redhat.com, bleanhar@redhat.com, cbillett@redhat.com, ccoleman@redhat.com, chrisw@redhat.com, cpelland@redhat.com, cperry@redhat.com, dajohnso@redhat.com, dallan@redhat.com, dclarizi@redhat.com, dmcphers@redhat.com, esammons@redhat.com, gkotton@redhat.com, gmccullo@redhat.com, iboverma@redhat.com, jdetiber@redhat.com, jeckersb@redhat.com, jhardy@redhat.com, jialiu@redhat.com, jkeck@redhat.com, jmatthew@redhat.com, joelsmith@redhat.com, jokerman@redhat.com, jorton@redhat.com, jplesnik@redhat.com, jprause@redhat.com, jrafanie@redhat.com, jross@redhat.com, jvlcek@redhat.com, katello-bugs@redhat.com, kseifried@redhat.com, lhh@redhat.com, lmeyer@redhat.com, lpeer@redhat.com, markmc@redhat.com, matt@redhat.com, mburns@redhat.com, mcressma@redhat.com, mmaslano@redhat.com, mmccomas@redhat.com, mmccune@redhat.com, mmcgrath@redhat.com, mmraka@redhat.com, mrg-program-list@redhat.com, obarenbo@redhat.com, paul@city-fan.org, perl-devel@lists.fedoraproject.org, pmyers@redhat.com, rbryant@redhat.com, rhos-maint@redhat.com, sclewis@redhat.com, taw@redhat.com, tjay@redhat.com, tomckay@redhat.com, tremble@tremble.org.uk, tsanders@redhat.com, williams@redhat.com, xlecauch@redhat.com, yeylon@redhat.com
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
This issue was reported upstream at [1]; a patch that fixes this issue is available at [2].
[1] https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failu... [2] https://github.com/yaml/libyaml/commit/e6aa721cc0e5a48f408c52355559fd36780ba...