--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2022-6a12c208cf
2022-09-29 03:17:40.785707
--------------------------------------------------------------------------------
Name : snakeyaml
Product : Fedora EPEL 8
Version : 1.32
Release : 1.el8
URL : https://bitbucket.org/snakeyaml/snakeyaml
Summary : YAML parser and emitter for Java
Description :
SnakeYAML features:
* a complete YAML 1.1 parser. In particular, SnakeYAML can parse all examples from the specification.
* Unicode support including UTF-8/UTF-16 input/output.
* high-level API for serializing and deserializing native Java objects.
* support for all types from the YAML types repository.
* relatively sensible error messages.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-25857
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 16 2022 Severin Gehwolf <sgehwolf(a)redhat.com> - 1.32-1
- Update to latest upstream 1.32 release
- Resolves: CVE-2022-25857
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.27-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jul 8 2022 Jiri Vanek <jvanek(a)redhat.com> - 1.27-7
- Rebuilt for Drop i686 JDKs
* Sat Feb 5 2022 Jiri Vanek <jvanek(a)redhat.com> - 1.27-6
- Rebuilt for java-17-openjdk as system jdk
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.27-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2126792 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested
depth limitation for collections. [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2126792
[ 2 ] Bug #2130404 - CVE-2022-38749 snakeyaml: Uncaught exception in
org.yaml.snakeyaml.composer.Composer.composeSequenceNode [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2130404
[ 3 ] Bug #2130427 - CVE-2022-38750 snakeyaml: Uncaught exception in
org.yaml.snakeyaml.constructor.BaseConstructor.constructObject [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2130427
[ 4 ] Bug #2130436 - CVE-2022-38751 snakeyaml: Uncaught exception in
java.base/java.util.regex.Pattern$Ques.match [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2130436
[ 5 ] Bug #2130443 - CVE-2022-38752 snakeyaml: Uncaught exception in
java.base/java.util.ArrayList.hashCode [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2130443
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update snakeyaml' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------