Security Information / 2012 / Security Information -- DSA-2432-1 libyaml-libyaml-perl

Debian Security Advisory

DSA-2432-1 libyaml-libyaml-perl -- format string vulnerabilities

Date Reported:

12 Mar 2012

Affected Packages:

libyaml-libyaml-perl

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 661548.
In Mitre's CVE dictionary: CVE-2012-1152.

More information:

Dominic Hargreaves and Niko Tyni discovered two format string vulnerabilities in YAML::LibYAML, a Perl interface to the libyaml library.

For the stable distribution (squeeze), this problem has been fixed in version 0.33-1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 0.38-2.

We recommend that you upgrade your libyaml-libyaml-perl packages.