UbuntuUpdates.org

Package "libyaml-snake-java"

Name: libyaml-snake-java

Description:

YAML parser and emitter for the Java programming language

Latest version: 1.25+ds-2ubuntu0.1
Release: focal (20.04)
Level: security
Repository: universe
Head package: snakeyaml
Homepage: https://bitbucket.org/asomov/snakeyaml


Other versions of "libyaml-snake-java" in Focal

Repository Area Version
base universe 1.25+ds-2
updates universe 1.25+ds-2ubuntu0.1

Changelog

Version: 1.25+ds-2ubuntu0.1 2023-03-10 00:07:02 UTC

  snakeyaml (1.25+ds-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service due to stack overflow
    - debian/patches/CVE-2022-25857.patch: Restrict nested depth for
      collections to avoid DoS attacks.
    - CVE-2022-25857
    - CVE-2022-38749
  * SECURITY UPDATE: Denial of service due to stack overflow
    - debian/patches/CVE-2022-38750.patch: Adds test for upstream issue 526.
    - CVE-2022-38750
  * SECURITY UPDATE: Denial of service due to stack overflow
    - debian/patches/CVE-2022-38751.patch: Add resolver limits to avoid DoS
      attacks.
    - CVE-2022-38751

 -- Fabian Toepfer <email address hidden> Thu, 09 Mar 2023 19:41:51 +0100

CVE-2022-25857 The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collection
CVE-2022-38749 Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input,
CVE-2022-38750 Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input,
CVE-2022-38751 Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input,


