Upstream information

CVE-2013-6393 at MITRE

Description

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.82
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entries: 860617 [RESOLVED / FIXED], 911782 [RESOLVED / ]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libyaml-0-2 >= 0.1.6-1.19
  • perl-YAML-LibYAML >= 0.38-10.1
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libyaml-0-2
SUSE-SLE-DESKTOP-12-2015-215
SUSE Linux Enterprise Desktop 12 SP1
  • libyaml-0-2 >= 0.1.6-7.1
  • perl-YAML-LibYAML >= 0.38-10.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libyaml-0-2
SUSE Linux Enterprise Desktop 12 SP1 GA perl-YAML-LibYAML
SUSE Linux Enterprise Desktop 12 SP2
  • libyaml-0-2 >= 0.1.6-7.1
  • perl-YAML-LibYAML >= 0.38-10.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libyaml-0-2
SUSE Linux Enterprise Desktop 12 SP2 GA perl-YAML-LibYAML
SUSE Linux Enterprise Server 12
  • libyaml-0-2 >= 0.1.6-1.19
  • perl-YAML-LibYAML >= 0.38-10.1
Patchnames:
SUSE Linux Enterprise Server 12 GA libyaml-0-2
SUSE-SLE-SERVER-12-2015-215
SUSE Linux Enterprise Server 12 SP1
  • libyaml-0-2 >= 0.1.6-7.1
  • perl-YAML-LibYAML >= 0.38-10.1
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libyaml-0-2
SUSE Linux Enterprise Server 12 SP1 GA perl-YAML-LibYAML
SUSE Linux Enterprise Server 12 SP2
  • libyaml-0-2 >= 0.1.6-7.1
  • perl-YAML-LibYAML >= 0.38-10.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libyaml-0-2
SUSE Linux Enterprise Server 12 SP2 GA perl-YAML-LibYAML
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libyaml-devel >= 0.1.3-0.10.16.2
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libyaml-devel
SUSE Linux Enterprise Software Development Kit 12
  • libyaml-devel >= 0.1.6-1.19
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libyaml-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libyaml-devel >= 0.1.6-7.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libyaml-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libyaml-devel >= 0.1.6-7.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libyaml-devel
SUSE Manager 1.7
  • libyaml-0-2 >= 0.1.3-0.10.12.1
Patchnames:
sleman17sp2-libyaml
sleman17sp2-libyaml-0-2
SUSE OpenStack Cloud 3.0
  • libyaml-0-2 >= 0.1.3-0.10.12.1
Patchnames:
sleclo30sp3-libyaml
SUSE Studio Onsite 1.3
  • libyaml-0-2 >= 0.1.3-0.10.12.1
Patchnames:
slestso13-libyaml
slestso13-libyaml-0-2
SUSE Cloud 3
  • libyaml-0-2 >= 0.1.3-0.10.12.1
Builds
SAT Patch Nr: 9041
SUSE Manager 1.7 for SLE 11 SP2
SUSE Studio Onsite 1.3
  • libyaml-0-2 >= 0.1.3-0.10.10.1
Builds
SAT Patch Nr: 8990
SUSE Manager 1.7 for SLE 11 SP2
SUSE Studio Onsite 1.3
  • libyaml-0-2 >= 0.1.3-0.10.12.1
Builds
SAT Patch Nr: 9042
openSUSE 12.3
  • libyaml >= 0.1.3-11.8.1
  • libyaml-0-2 >= 0.1.3-11.8.1
  • libyaml-0-2-debuginfo >= 0.1.3-11.8.1
  • libyaml-debugsource >= 0.1.3-11.8.1
  • libyaml-devel >= 0.1.3-11.8.1
Patchnames:
openSUSE-2014-150
openSUSE-2014-215
openSUSE 13.1
  • libyaml >= 0.1.4-2.8.1
  • libyaml-0-2 >= 0.1.4-2.8.1
  • libyaml-0-2-debuginfo >= 0.1.4-2.8.1
  • libyaml-debugsource >= 0.1.4-2.8.1
  • libyaml-devel >= 0.1.4-2.8.1
  • perl-YAML-LibYAML >= 0.59-6.4.1
  • perl-YAML-LibYAML-debuginfo >= 0.59-6.4.1
  • perl-YAML-LibYAML-debugsource >= 0.59-6.4.1
Patchnames:
openSUSE-2014-150
openSUSE-2014-215
openSUSE-2015-162
openSUSE 13.2
  • libyaml-0-2 >= 0.1.6-2.1.2
  • perl-YAML-LibYAML >= 0.59-2.4.1
  • perl-YAML-LibYAML-debuginfo >= 0.59-2.4.1
  • perl-YAML-LibYAML-debugsource >= 0.59-2.4.1
Patchnames:
openSUSE 13.2 GA libyaml-0-2
openSUSE-2015-162
openSUSE Evergreen 11.4
  • libyaml >= 0.1.3-6.1
  • libyaml-0-2 >= 0.1.3-6.1
  • libyaml-0-2-debuginfo >= 0.1.3-6.1
  • libyaml-debugsource >= 0.1.3-6.1
  • libyaml-devel >= 0.1.3-6.1
Patchnames:
2014-21
openSUSE Leap 42.1
  • libyaml-0-2 >= 0.1.6-3.1
  • perl-YAML-LibYAML >= 0.38-2.2
  • perl-YAML-LibYAML-debuginfo >= 0.38-4.1
  • perl-YAML-LibYAML-debugsource >= 0.38-4.1
Patchnames:
openSUSE Leap 42.1 GA libyaml-0-2
openSUSE Leap 42.1 GA perl-YAML-LibYAML
openSUSE-2016-473
openSUSE Leap 42.2
  • libyaml-0-2 >= 0.1.6-5.3
  • perl-YAML-LibYAML >= 0.38-5.1
Patchnames:
openSUSE Leap 42.2 GA libyaml-0-2
openSUSE Leap 42.2 GA perl-YAML-LibYAML
openSUSE Tumbleweed
  • libyaml-0-2 >= 0.1.6-4.8
  • libyaml-devel >= 0.1.6-4.8
  • perl-YAML-LibYAML >= 0.59-2.11
Patchnames:
openSUSE Tumbleweed GA libyaml-0-2
openSUSE Tumbleweed GA perl-YAML-LibYAML