Package "golang-yaml.v2"

Links

Other versions of "golang-yaml.v2" in Focal

Repository	Area	Version
base	universe	2.2.2-1
updates	universe	2.2.2-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.

• golang-gopkg-yaml.v2-dev
• golang-yaml.v2-dev

Changelog

Version: 2.2.2-1ubuntu0.1	2023-08-14 09:07:04 UTC
golang-yaml.v2 (2.2.2-1ubuntu0.1) focal-security; urgency=medium   * SECURITY UPDATE: DOS through excessive alias.     - debian/patches/CVE-2021-4235.patch: Add logic to catch cases of       alias abuse in decode.go.     - CVE-2021-4235   * SECURITY_UPDATE: DOS through nested or expansion in large documents.     - debian/patches/CVE-2022-3064.patch: Improve heuristics preventing       CPU/memory abuse in decode.go and scannerc.go.     - CVE-2022-3064  -- David Fernandez Gonzalez <email address hidden> Fri, 11 Aug 2023 09:47:30 +0200
CVE-2021-4235 Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, CVE-2022-3064 Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

---

Share this page

Bookmarks

google-chrome-beta 132.0.6834.15

Latest updates

  Packages changelogs
  Bugs & CVEs

backports

cockpit-podman (oracular)
cockpit-machines (oracular)
cockpit (oracular)
yt-dlp (noble)
cockpit-podman (noble)
cockpit-machines (noble)
cockpit (noble)
cockpit-podman (jammy)
cockpit-machines (jammy)
cockpit (jammy)

updates

gh (oracular)
twisted (jammy)
twisted (focal)
containerd-app (noble)

security

gh (oracular)
twisted (jammy)
twisted (focal)

proposed

linux-restricted-signatures-gcp (oracular)
linux-restricted-modules-gcp (oracular)
linux-signed-gcp (oracular)
linux-meta-gcp (oracular)
linux-restricted-signatures (oracular)
linux-restricted-signatures-oracle (oracular)
linux-restricted-signatures-azure (oracular)
linux-restricted-modules-oracle (oracular)
linux-restricted-modules (oracular)
linux-restricted-modules-azure (oracular)
linux-signed (oracular)
linux-signed-oracle (oracular)
linux-signed-azure (oracular)

See all

PPA updates

  PPAs

nginx-nr-agent (bionic)
google-chrome-canary (stable)
code-insiders (stable)
virtualbox-7.1 (oracular)
virtualbox-7.0 (oracular)
linux-signed-ibm (noble)
linux-restricted-modules-ibm (noble)
linux-signed-azure (noble)
linux-meta-ibm (noble)
linux-generate-ibm (noble)
linux-restricted-modules-azure (noble)
linux-meta-azure (noble)
linux-generate-azure (noble)
linux-signed-realtime (oracular)
linux-meta-realtime (oracular)
linux-generate-realtime (oracular)
packagekit (wilma)
mintupload (wilma)
barman (jammy-pgdg)
barman (focal-pgdg)
mintlocale (wilma)
thunderbird (wilma)
chromium (wilma)
chromium (vera)
opera-developer (stable)
linux-signed-oem-6.8 (noble)
linux-restricted-modules-oem-6.8 (noble)
linux-meta-oem-6.8 (noble)
linux-generate-oem-6.8 (noble)
linux-oem-6.8 (noble)

See all