Tuesday, April 22, 2014

Two Security Updates: libyaml and PHP

Two security updates were issued this morning to fix security flaws in yaml and PHP.

PHP is upgraded to 5.4.27 to fix the AWK script detector which can be triggered via a simple script to consume the CPU up to 100% due to backtracking. This update applies to Slackware 14.0 and newer.

libyaml is upgraded to 0.1.6 to fix heap overflow in URI escape parsing of YAML in Ruby and applied to Slackware 13.0 and newer.