A vulnerability has been discovered in YAML-LibYAML, which can lead to shell injection.
Package | dev-perl/YAML-LibYAML on all architectures |
---|---|
Affected versions | < 0.903.0 |
Unaffected versions | >= 0.903.0 |
YAML-LibYAML provides YAML Serialization using XS and libyaml for Perl.
YAML-LibYAML uses the legacy two-argument ('2-arg') form of open(), which is susceptible to shell injection via malicious filenames.
Shell injection may be used to execute arbitrary code using a malicious filename.
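The difference between the two open() forms, shown as an added example that is not YAML-LibYAML's own code. The function names and the sample filename are constructed for illustration, and the sample command is a harmless echo.

```perl
use strict;
use warnings;

# Legacy 2-arg form: perl parses the mode out of the string itself, so a
# leading or trailing '|' turns the "filename" into a command to run.
sub first_line_2arg {
    my ($name) = @_;
    open(my $fh, $name) or return "open failed: $!";
    my $line = <$fh>;
    close $fh;
    chomp $line if defined $line;
    return $line // '';
}

# 3-arg form: the mode is a separate argument, so the name is only ever
# treated as a path, whatever characters it contains.
sub first_line_3arg {
    my ($name) = @_;
    open(my $fh, '<', $name) or return "open failed: $!";
    my $line = <$fh>;
    close $fh;
    chomp $line if defined $line;
    return $line // '';
}

# Audit helper (hypothetical): true if 2-arg open would read a mode or a
# pipe out of this name instead of opening it as a plain file for reading.
sub two_arg_would_reinterpret {
    my ($name) = @_;
    return 1 if $name =~ /^\s*[<>|+]/;   # leading mode character or pipe
    return 1 if $name =~ /\|\s*$/;       # trailing pipe: read from command
    return 1 if $name =~ /^\s*-\s*$/;    # bare '-' means STDIN
    return 1 if $name =~ /^\s|\s$/;      # surrounding whitespace is stripped
    return 0;
}

# Constructed sample input, not taken from the advisory.
my $name = 'echo constructed-marker |';

printf "reinterpreted by 2-arg open: %s\n",
    two_arg_would_reinterpret($name) ? 'yes' : 'no';
printf "2-arg result: %s\n", first_line_2arg($name);
printf "3-arg result: %s\n", first_line_3arg($name);
```

With the 2-arg form the marker comes back from a spawned command. The 3-arg form looks for a file literally named `echo constructed-marker |` and fails to open it.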
There is no known workaround at this time.
All YAML-LibYAML users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-perl/YAML-LibYAML-0.903.0"
Release date
June 12, 2025
Latest revision
June 12, 2025: 1
Severity
normal
Exploitable
local and remote
Bugzilla entries