CVE-2014-9130
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
Find out more about CVE-2014-9130 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 4.3 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (libyaml) | RHSA-2015:0100 | 2015-01-28 |
| Red Hat Enterprise Linux 6 (libyaml) | RHSA-2015:0100 | 2015-01-28 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 (libyaml) | RHSA-2015:0112 | 2015-02-02 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 (libyaml) | RHSA-2015:0260 | 2015-02-23 |
| Red Hat Enterprise Linux OpenStack Platform 4.0 (libyaml) | RHSA-2015:0260 | 2015-02-23 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Subscription Asset Manager 1 | libyaml | Fix deferred |
| Red Hat Satellite 6 | ruby193-libyaml | Fix deferred |
| Red Hat Satellite 6 | libyaml | Fix deferred |
| Red Hat Satellite 5.7 | libyaml | Fix deferred |
| Red Hat Satellite 5.6 | libyaml | Fix deferred |
| Red Hat Satellite 5.5 | libyaml | Will not fix |
| Red Hat Satellite 5.4 | libyaml | Will not fix |
| Red Hat Satellite 5.3 | libyaml | Will not fix |
| Red Hat Enterprise MRG 2 | libyaml | Will not fix |
| Red Hat Enterprise MRG 1 | libyaml | Will not fix |