latest security vulnerbilities

Topic: latest security vulnerbilities (Read 1627 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.

latest security vulnerbilities

09 April 2019, 12:29:34

https://resources.whitesourcesoftware.com/blog-whitesource/top-5-new-open-source-security-vulnerabilities-in-march-2019?utm_source=twitter&utm_medium=channel&utm_term=blog-whitesource/top-5-new-open-source-security-vulnerabilities-in-march-2019&utm_content=top5-vulnerabilities-marchpat-li

libssh2 JS-YAML Linux kernel among others..

Re: latest security vulnerbilities

Reply #1 – 09 April 2019, 16:10:37

The js-yaml version in the AUR is vulnerable:
$ yay -Ss js-yaml
aur/nodejs-js-yaml 3.10.0-1 (+1 0.00%)
YAML 1.2 parser and writer

https://aur.archlinux.org/packages/nodejs-js-yaml
First Submitted: 2017-09-16 10:20
Last Updated: 2017-09-16 10:21

#3 JS-YAML
Affected versions: All versions prior to 3.13.0

safer-eval is not a package unless it's there under a different name and the others are OK at their current versions.

Re: latest security vulnerbilities

Reply #2 – 10 April 2019, 04:04:25

what is yaml?

Re: latest security vulnerbilities

Reply #3 – 10 April 2019, 10:56:07

Quote from: mrbrklyn – on 10 April 2019, 04:04:25

what is yaml?

gnu-yaml
GNU NOT UNIX
YAML AINT MARKUP LANGUAGE

UNIX NOT IBM X-operating-system

Re: latest security vulnerbilities

Reply #4 – 15 April 2019, 02:28:35

It's been updated to a secure version:
Package Details: nodejs-js-yaml 3.13.1-1
If you git clone artix pkgbuild's there are yaml files in a hidden directory:
openrc/.artixlinux/agent.yaml
Contents of this file:

%YAML 1.2
---

label: master

Mysterious secret yaml agents? What do they do?