INFSA-2025:9330: perl-YAML-LibYAML security update
Information about definition
Identificator: INFSA-2025:9330
Type: security
Release date: 2025-07-17 21:29:43 UTC
Information about package
Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby.
Vulnerabilities description
- CVE-2025-40908
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-40908
|
no information | 7.7 | no information |
Updated packages