Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.announce.security > #4740

[SECURITY] [DSA 6175-1] libyaml-syck-perl security update

From Salvatore Bonaccorso <carnil@debian.org>
Newsgroups linux.debian.announce.security
Subject [SECURITY] [DSA 6175-1] libyaml-syck-perl security update
Date 2026-03-22 21:40 +0100
Message-ID <MBxKx-9wtY-23@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6175-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 22, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libyaml-syck-perl
CVE ID         : CVE-2026-4177

Several vulnerabilities were discovered in libyaml-syck-perl, a Perl
module providing a fast, lightweight YAML loader and dumper, which may
result in denial of service and potentially arbitrary code execution.

For the oldstable distribution (bookworm), this problem has been fixed
in version 1.34-2+deb12u2.

For the stable distribution (trixie), this problem has been fixed in
version 1.34-2+deb13u2.

We recommend that you upgrade your libyaml-syck-perl packages.

For the detailed security status of libyaml-syck-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libyaml-syck-perl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmnARfVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QTyw/5ASHoMf3SiwO5zkQO4msryWyWsrsf/7ztZ96VlR4zIs/fDmobkex3OAAA
9/781BP1p63qe8dYOqhvZR7R9jj361pJwVv9LH+mhGIw4vsRDK+MDq4EqNZ81aRo
vsjJOuQzZkTaGBsyTwFkDniSbctR5MkJv6POczpAO28nWqoLzx8q9Ozg6fcz/jpL
SXpH85BQ7UVj6DcTTFT2nIa9HXDjugtPOM2c3S44I2Uue9gdm58iRSkNeR/XIYJW
FbG1fKFR0RTUXLhojkbPaQwlQYCRjqSfb21Fn725+P81VDmDrptBEpzVm49nxh38
rvQvMUjSHCgilS/HutEuNDkbiIa/KXshQzhfXD6920aN1usJurJGV8nXzlGvRNxz
wS2BRo6ceUYuUxzBvp/1w9y8muzkCEIPO13ht/HWR7QJoyrHcgEsK8LY9TYCHG67
pPxPT6CwDH11HPC0qUQQ9IUNANgh3UUlX8cOP2vWfbpxtRRxSgVXkFj0vChELndv
aexDnmdiXlhIBnwznR7uTmNN+WBSAAM7Bx4CEzVrxTb6M1HBuP8jclrcm7787tb8
/l2ogC9uUY+0+CjNcznQLK4R9FxtMMUWLiMQY8sS/EtuclDqsEGl9X+waDJszyFb
iv9xb4zmItw/gHAe7QL31bVN2r8JC11h05Yk7luUF23Dfo9SVTE=
=AkHx
-----END PGP SIGNATURE-----

Back to linux.debian.announce.security | Previous | Next | Find similar

Thread

[SECURITY] [DSA 6175-1] libyaml-syck-perl security update Salvatore Bonaccorso <carnil@debian.org> - 2026-03-22 21:40 +0100

csiph-web