CVE-2014-9130: LibYAML vulnerability

Severity

Medium

Vendor

LibYAML

Versions Affected

Cloud Foundry Ruby Buildpack versions prior to 1.6.25

Description

Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

Upgrade the Ruby Buildpack to v1.6.25 [1] or later and restage all applications that use automated buildpack detection

Credit

Stanisław Pitucha and Jonathan Gray

References

[1] https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.25
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130

CVE-2014-9130: LibYAML vulnerability

Severity

Vendor

Versions Affected

Description

Mitigation

Credit

References

You Might Also Like

USN-4719-1: ca-certificates update

USN-6028-1: libxml2 vulnerabilities

USN-2919-1 JasPer vulnerabilities

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!