moderate: PyYAML/cracklib security update
moderate
An update for PyYAML/cracklib is now available for NewStart CGSL MAIN 6.06.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
PyYAML:
cracklib:
Security Fix(es):
PyYAML: n assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.(CVE-2014-9130)
PyYAML: bugfix
cracklib: Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.(CVE-2016-6318)
cracklib: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.06.01B6.