Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2012-69)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120593

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2012-69)

Resumen: The remote host is missing an update for the 'perl-YAML-LibYAML' package(s) announced via the ALAS-2012-69 advisory.

Descripción: Summary:
The remote host is missing an update for the 'perl-YAML-LibYAML' package(s) announced via the ALAS-2012-69 advisory.

Vulnerability Insight:
Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.

Affected Software/OS:
'perl-YAML-LibYAML' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-1152
48317
http://secunia.com/advisories/48317
50277
http://secunia.com/advisories/50277
52381
http://www.securityfocus.com/bid/52381
DSA-2432
http://www.debian.org/security/2012/dsa-2432
FEDORA-2012-4871
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077782.html
FEDORA-2012-4997
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077004.html
FEDORA-2012-5035
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077023.html
[oss-security] 20120309 CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws
http://www.openwall.com/lists/oss-security/2012/03/09/6
[oss-security] 20120309 Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws
http://www.openwall.com/lists/oss-security/2012/03/10/4
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548
https://bugzilla.redhat.com/show_bug.cgi?id=801738
https://rt.cpan.org/Public/Bug/Display.html?id=46507
https://rt.cpan.org/Public/Bug/Display.html?id=75365
openSUSE-SU-2012:1000
http://lists.opensuse.org/opensuse-updates/2012-08/msg00029.html
openSUSE-SU-2015:0319
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
yaml-load-format-string(73856)
https://exchange.xforce.ibmcloud.com/vulnerabilities/73856

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120593
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-69)
Resumen:	The remote host is missing an update for the 'perl-YAML-LibYAML' package(s) announced via the ALAS-2012-69 advisory.
Descripción:	Summary: The remote host is missing an update for the 'perl-YAML-LibYAML' package(s) announced via the ALAS-2012-69 advisory. Vulnerability Insight: Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function. Affected Software/OS: 'perl-YAML-LibYAML' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1152 48317 http://secunia.com/advisories/48317 50277 http://secunia.com/advisories/50277 52381 http://www.securityfocus.com/bid/52381 DSA-2432 http://www.debian.org/security/2012/dsa-2432 FEDORA-2012-4871 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077782.html FEDORA-2012-4997 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077004.html FEDORA-2012-5035 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077023.html [oss-security] 20120309 CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws http://www.openwall.com/lists/oss-security/2012/03/09/6 [oss-security] 20120309 Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws http://www.openwall.com/lists/oss-security/2012/03/10/4 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548 https://bugzilla.redhat.com/show_bug.cgi?id=801738 https://rt.cpan.org/Public/Bug/Display.html?id=46507 https://rt.cpan.org/Public/Bug/Display.html?id=75365 openSUSE-SU-2012:1000 http://lists.opensuse.org/opensuse-updates/2012-08/msg00029.html openSUSE-SU-2015:0319 http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html yaml-load-format-string(73856) https://exchange.xforce.ibmcloud.com/vulnerabilities/73856
Copyright	Copyright (C) 2015 Greenbone AG