Bugzilla – Bug 907809
VUL-0: CVE-2014-9130: libyaml: assert failure when processing wrapped strings
Last modified: 2016-04-17 15:08:34 UTC
Via rh#1169369: An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. This issue was reported upstream at [1]; a patch that fixes this issue is available at [2]. [1] https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure [2] https://github.com/yaml/libyaml/commit/e6aa721cc0e5a48f408c52355559fd36780ba32a Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1169369
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (907809) was mentioned in https://build.opensuse.org/request/show/263730 12.3 / libyaml
Created attachment 615621 [details] ruby code to test the fix for SLE ruby 1.9 and ruby 2.1 for SLE11 and SLE12 link against libyaml. I tested the fix with ruby code.
Created attachment 615622 [details] file used for testing check that without the fix, loading this yaml file it aborts, while with the fix, a parser error is sent to the console but the program does not abort.
Created attachment 615623 [details] c code to test the fix for openSUSE ruby20 and ruby21 in openSUSE does not link against libyaml, thus, for testing the yaml fix, I used this c code.
a part from libyaml, we need to fix ruby20 and ruby21 for openSUSE which embeds yaml.
Created attachment 615670 [details] file used for testing
Created attachment 615671 [details] c code to test the fix for openSUSE
looks like I was wrong regarding ruby on openSUSE. All the version link against the libyaml installed in the system. I've realized that when fixing the libyaml package and running the test.rb file. Thus, my job is done and I am assigning it to security team.
This is an autogenerated message for OBS integration: This bug (907809) was mentioned in https://build.opensuse.org/request/show/263749 13.2 / libyaml https://build.opensuse.org/request/show/263750 13.1 / libyaml
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2014-12-18. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/59942
openSUSE-SU-2014:1625-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 907809 CVE References: CVE-2014-9130 Sources used: openSUSE 13.2 (src): libyaml-0.1.6-2.4.1 openSUSE 13.1 (src): libyaml-0.1.4-2.16.1 openSUSE 12.3 (src): libyaml-0.1.3-11.16.1
SUSE-SU-2014:1699-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 907809 CVE References: CVE-2014-9130 Sources used: SUSE Cloud 4 (src): libyaml-0.1.3-0.10.16.1 SUSE Cloud 3 (src): libyaml-0.1.3-0.10.16.1
SUSE-SU-2015:0013-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 907809 CVE References: CVE-2014-9130 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): libyaml-0.1.6-4.1 SUSE Linux Enterprise Server 12 (src): libyaml-0.1.6-4.1 SUSE Linux Enterprise Desktop 12 (src): libyaml-0.1.6-4.1
released
SUSE-SU-2014:1699-2: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 907809 CVE References: CVE-2014-9130 Sources used: SUSE Studio Onsite 1.3 (src): libyaml-0.1.3-0.10.16.1 SUSE Manager Server (src): libyaml-0.1.3-0.10.16.1 SUSE Manager 1.7 for SLE 11 SP2 (src): libyaml-0.1.3-0.10.16.1
This is an autogenerated message for OBS integration: This bug (907809) was mentioned in https://build.opensuse.org/request/show/285086 13.2+13.1 / perl-YAML-LibYAML
openSUSE-SU-2015:0319-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 751503,860617,868944,907809,911782 CVE References: CVE-2012-1152,CVE-2013-6393,CVE-2014-2525,CVE-2014-9130 Sources used: openSUSE 13.2 (src): perl-YAML-LibYAML-0.59-2.4.1 openSUSE 13.1 (src): perl-YAML-LibYAML-0.59-6.4.1
Also affects python-PyYAML: https://bitbucket.org/xi/pyyaml/commits/ddf211a41bb231c365fece5599b7e484e6dc33fc https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772815 Reproducer for python-PyYAML: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=CVE-2014-9130.py;att=1;bug=772815 https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=CVE-2014-9130.yaml;att=2;bug=772815
(In reply to Andreas Stieger from comment #21) > Also affects python-PyYAML: > https://bitbucket.org/xi/pyyaml/commits/ > ddf211a41bb231c365fece5599b7e484e6dc33fc > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772815 > > Reproducer for python-PyYAML: > https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=CVE-2014-9130. > py;att=1;bug=772815 > https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=CVE-2014-9130. > yaml;att=2;bug=772815 Moving to separate bug.
SUSE-RU-2015:0611-1: An update that solves 8 vulnerabilities and has 123 fixes is now available. Category: recommended (important) Bug References: 653265,767279,808947,841731,855389,858971,860299,862408,867836,870159,872029,872298,872351,875231,875452,878550,878553,879904,879992,879998,880001,880022,880026,880027,880081,880087,880327,880388,880936,881111,881225,881522,881711,882468,883009,883057,883379,883487,884051,884081,884350,884366,885889,886391,886421,887538,887879,889363,889605,889721,889739,889905,892707,892711,893608,895001,895961,896029,896109,896238,896244,896254,896844,897723,898242,898426,898428,899266,900956,901058,901108,901193,901675,901776,901927,901928,901958,902182,902373,902494,902503,902915,903064,903720,903723,903880,903961,904690,904699,904703,904732,904841,904959,905072,905263,905530,906850,906851,906887,907086,907106,907337,907527,907586,907643,907645,907646,907677,907809,908317,908320,908849,909724,910243,910482,910494,911166,911180,911272,911808,912035,912057,912886,913215,913221,913939,914260,914437,914900,915140,919448 CVE References: CVE-2014-0114,CVE-2014-0240,CVE-2014-0242,CVE-2014-3654,CVE-2014-7811,CVE-2014-7812,CVE-2014-8583,CVE-2014-9130 Sources used: SUSE Manager Server (src): apache2-mod_wsgi-3.3-5.7.17, auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58, cobbler-2.2.2-0.54.9, google-gson-2.2.4-0.7.52, libyaml-0.1.3-0.10.16.11, oracle-config-1.1-0.10.10.16, osad-5.11.33.7-0.7.16, perl-Class-Singleton-1.4-4.13.38, perl-NOCpulse-Object-1.26.13.2-0.7.13, perl-Satcon-1.20.2-0.7.6, postgresql91-9.1.15-0.3.1, pxe-default-image-0.1-0.20.56, python-enum34-1.0-0.7.33, python-gzipstream-1.10.2.2-0.7.6, rhn-custom-info-5.4.22.6-0.7.13, rhnlib-2.5.69.6-0.7.6, rhnmd-5.3.18.4-0.7.15, rhnpush-5.5.71.7-0.7.16, sm-ncc-sync-data-2.1.9-0.7.6, smdba-1.5.1-0.7.6, spacecmd-2.1.25.7-0.7.9, spacewalk-admin-2.1.2.4-0.7.6, spacewalk-backend-2.1.55.15-0.7.11, spacewalk-branding-2.1.33.10-0.7.16, spacewalk-certs-tools-2.1.6.5-0.7.10, spacewalk-client-tools-2.1.16.6-0.7.9, spacewalk-config-2.1.5.4-0.7.15, spacewalk-doc-indexes-2.1.2.3-0.7.26, spacewalk-java-2.1.165.14-0.7.16, spacewalk-reports-2.1.14.8-0.7.10, spacewalk-search-2.1.14.6-0.7.18, spacewalk-setup-2.1.14.9-0.7.6, spacewalk-setup-jabberd-2.1.0.2-0.7.6, spacewalk-utils-2.1.27.12-0.7.25, spacewalk-web-2.1.60.12-0.7.7, spacewalksd-5.0.14.6-0.7.15, struts-1.2.9-162.33.22, supportutils-plugin-susemanager-1.0.3-0.5.5, supportutils-plugin-susemanager-client-1.0.4-0.5.5, suseRegisterInfo-2.1.9-0.7.29, susemanager-2.1.17-0.7.11, susemanager-jsp_en-2.1-0.15.23, susemanager-manuals_en-2.1-0.15.24, susemanager-schema-2.1.50.11-0.7.8, susemanager-sync-data-2.1.5-0.7.6, tanukiwrapper-3.2.3-0.10.12, yum-3.2.29-0.19.30, zypp-plugin-spacewalk-0.9.8-0.15.51
SUSE-SU-2015:0953-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 860617,868944,907809,911782 CVE References: CVE-2013-6393,CVE-2014-2525,CVE-2014-9130 Sources used: SUSE Linux Enterprise Server 12 (src): perl-YAML-LibYAML-0.38-10.1
SUSE-SU-2015:0953-2: An update that solves three vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 860617,868944,907809,911782 CVE References: CVE-2013-6393,CVE-2014-2525,CVE-2014-9130 Sources used: SUSE Linux Enterprise Server 12 (src): perl-YAML-LibYAML-0.38-10.1 SUSE Linux Enterprise Desktop 12 (src): perl-YAML-LibYAML-0.38-10.1
openSUSE-SU-2016:1067-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 860617,868944,907809,911782 CVE References: CVE-2013-6393,CVE-2014-2525,CVE-2014-9130 Sources used: openSUSE Leap 42.1 (src): perl-YAML-LibYAML-0.38-4.1