CVE-2014-2525

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2014-2525 at MITRE

Description

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

SUSE information

SUSE Bugzilla entries: 868944, 911782

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • perl-YAML-LibYAML >= 0.38-10.1
Patchnames:
SUSE-SLE-DESKTOP-12-2015-215
SUSE Linux Enterprise Server 12
  • perl-YAML-LibYAML >= 0.38-10.1
Patchnames:
SUSE-SLE-SERVER-12-2015-215
SUSE Manager 1.7
  • libyaml-0-2 >= 0.1.3-0.10.12.1
Patchnames:
sleman17sp2-libyaml
SUSE OpenStack Cloud 3.0
  • libyaml-0-2 >= 0.1.3-0.10.12.1
Patchnames:
sleclo30sp3-libyaml
SUSE Studio Onsite 1.3
  • libyaml-0-2 >= 0.1.3-0.10.12.1
Patchnames:
slestso13-libyaml
SUSE Cloud 3
  • libyaml-0-2 >= 0.1.3-0.10.12.1
Builds
SAT Patch Nr: 9041
SUSE Manager 1.7 for SLE 11 SP2
SUSE Studio Onsite 1.3
  • libyaml-0-2 >= 0.1.3-0.10.12.1
Builds
SAT Patch Nr: 9042
openSUSE 12.3
  • libyaml >= 0.1.3-11.12.1
  • libyaml-0-2 >= 0.1.3-11.12.1
  • libyaml-0-2-debuginfo >= 0.1.3-11.12.1
  • libyaml-debugsource >= 0.1.3-11.12.1
  • libyaml-devel >= 0.1.3-11.12.1
Patchnames:
openSUSE-2014-281
openSUSE 13.1
  • libyaml >= 0.1.4-2.12.1
  • libyaml-0-2 >= 0.1.4-2.12.1
  • libyaml-0-2-debuginfo >= 0.1.4-2.12.1
  • libyaml-debugsource >= 0.1.4-2.12.1
  • libyaml-devel >= 0.1.4-2.12.1
  • perl-YAML-LibYAML >= 0.59-6.4.1
  • perl-YAML-LibYAML-debuginfo >= 0.59-6.4.1
  • perl-YAML-LibYAML-debugsource >= 0.59-6.4.1
Patchnames:
openSUSE-2014-281
openSUSE-2015-162
openSUSE 13.2
  • perl-YAML-LibYAML >= 0.59-2.4.1
  • perl-YAML-LibYAML-debuginfo >= 0.59-2.4.1
  • perl-YAML-LibYAML-debugsource >= 0.59-2.4.1
Patchnames:
openSUSE-2015-162