OESA-2025-1591
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1591
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-1591.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2025-1591
- Upstream
- Published
- 2025-06-06T14:03:35Z
- Modified
- 2025-08-12T05:50:41.932003Z
- Summary
- perl-YAML-LibYAML security update
- Details
-
Security Fix(es):
A vulnerability was found in TINITA YAML-LibYAML up to 0.902.x on Perl. It has been classified as problematic.CWE is classifying the issue as CWE-552. The product makes files or directories accessible to unauthorized actors, even though they should not be.This is going to have an impact on confidentiality.Upgrading to version 0.903.0 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.(CVE-2025-40908)
- Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:20.03-LTS-SP4
perl-YAML-LibYAML
Package
- Name
- perl-YAML-LibYAML
- Purl
- pkg:rpm/openEuler/perl-YAML-LibYAML&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.74-3.oe2003sp4
Ecosystem specific
{
"aarch64": [
"perl-YAML-LibYAML-0.74-3.oe2003sp4.aarch64.rpm",
"perl-YAML-LibYAML-debuginfo-0.74-3.oe2003sp4.aarch64.rpm",
"perl-YAML-LibYAML-debugsource-0.74-3.oe2003sp4.aarch64.rpm",
"perl-YAML-LibYAML-help-0.74-3.oe2003sp4.aarch64.rpm"
],
"src": [
"perl-YAML-LibYAML-0.74-3.oe2003sp4.src.rpm"
],
"x86_64": [
"perl-YAML-LibYAML-0.74-3.oe2003sp4.x86_64.rpm",
"perl-YAML-LibYAML-debuginfo-0.74-3.oe2003sp4.x86_64.rpm",
"perl-YAML-LibYAML-debugsource-0.74-3.oe2003sp4.x86_64.rpm",
"perl-YAML-LibYAML-help-0.74-3.oe2003sp4.x86_64.rpm"
]
}openEuler:22.03-LTS-SP3
perl-YAML-LibYAML
Package
- Name
- perl-YAML-LibYAML
- Purl
- pkg:rpm/openEuler/perl-YAML-LibYAML&distro=openEuler-22.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.83-2.oe2203sp3
Ecosystem specific
{
"aarch64": [
"perl-YAML-LibYAML-0.83-2.oe2203sp3.aarch64.rpm",
"perl-YAML-LibYAML-debuginfo-0.83-2.oe2203sp3.aarch64.rpm",
"perl-YAML-LibYAML-debugsource-0.83-2.oe2203sp3.aarch64.rpm",
"perl-YAML-LibYAML-help-0.83-2.oe2203sp3.aarch64.rpm"
],
"src": [
"perl-YAML-LibYAML-0.83-2.oe2203sp3.src.rpm"
],
"x86_64": [
"perl-YAML-LibYAML-0.83-2.oe2203sp3.x86_64.rpm",
"perl-YAML-LibYAML-debuginfo-0.83-2.oe2203sp3.x86_64.rpm",
"perl-YAML-LibYAML-debugsource-0.83-2.oe2203sp3.x86_64.rpm",
"perl-YAML-LibYAML-help-0.83-2.oe2203sp3.x86_64.rpm"
]
}openEuler:22.03-LTS-SP4
perl-YAML-LibYAML
Package
- Name
- perl-YAML-LibYAML
- Purl
- pkg:rpm/openEuler/perl-YAML-LibYAML&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.83-2.oe2203sp4
Ecosystem specific
{
"aarch64": [
"perl-YAML-LibYAML-0.83-2.oe2203sp4.aarch64.rpm",
"perl-YAML-LibYAML-debuginfo-0.83-2.oe2203sp4.aarch64.rpm",
"perl-YAML-LibYAML-debugsource-0.83-2.oe2203sp4.aarch64.rpm",
"perl-YAML-LibYAML-help-0.83-2.oe2203sp4.aarch64.rpm"
],
"src": [
"perl-YAML-LibYAML-0.83-2.oe2203sp4.src.rpm"
],
"x86_64": [
"perl-YAML-LibYAML-0.83-2.oe2203sp4.x86_64.rpm",
"perl-YAML-LibYAML-debuginfo-0.83-2.oe2203sp4.x86_64.rpm",
"perl-YAML-LibYAML-debugsource-0.83-2.oe2203sp4.x86_64.rpm",
"perl-YAML-LibYAML-help-0.83-2.oe2203sp4.x86_64.rpm"
]
}openEuler:24.03-LTS
perl-YAML-LibYAML
Package
- Name
- perl-YAML-LibYAML
- Purl
- pkg:rpm/openEuler/perl-YAML-LibYAML&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.88-2.oe2403sp1
Ecosystem specific
{
"aarch64": [
"perl-YAML-LibYAML-0.88-2.oe2403.aarch64.rpm",
"perl-YAML-LibYAML-debuginfo-0.88-2.oe2403.aarch64.rpm",
"perl-YAML-LibYAML-debugsource-0.88-2.oe2403.aarch64.rpm",
"perl-YAML-LibYAML-help-0.88-2.oe2403.aarch64.rpm",
"perl-YAML-LibYAML-0.88-2.oe2403sp1.aarch64.rpm",
"perl-YAML-LibYAML-debuginfo-0.88-2.oe2403sp1.aarch64.rpm",
"perl-YAML-LibYAML-debugsource-0.88-2.oe2403sp1.aarch64.rpm",
"perl-YAML-LibYAML-help-0.88-2.oe2403sp1.aarch64.rpm"
],
"src": [
"perl-YAML-LibYAML-0.88-2.oe2403.src.rpm",
"perl-YAML-LibYAML-0.88-2.oe2403sp1.src.rpm"
],
"x86_64": [
"perl-YAML-LibYAML-0.88-2.oe2403.x86_64.rpm",
"perl-YAML-LibYAML-debuginfo-0.88-2.oe2403.x86_64.rpm",
"perl-YAML-LibYAML-debugsource-0.88-2.oe2403.x86_64.rpm",
"perl-YAML-LibYAML-help-0.88-2.oe2403.x86_64.rpm",
"perl-YAML-LibYAML-0.88-2.oe2403sp1.x86_64.rpm",
"perl-YAML-LibYAML-debuginfo-0.88-2.oe2403sp1.x86_64.rpm",
"perl-YAML-LibYAML-debugsource-0.88-2.oe2403sp1.x86_64.rpm",
"perl-YAML-LibYAML-help-0.88-2.oe2403sp1.x86_64.rpm"
]
}openEuler:24.03-LTS-SP1
perl-YAML-LibYAML
Package
- Name
- perl-YAML-LibYAML
- Purl
- pkg:rpm/openEuler/perl-YAML-LibYAML&distro=openEuler-24.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.88-2.oe2403sp1
Ecosystem specific
{
"aarch64": [
"perl-YAML-LibYAML-0.88-2.oe2403sp1.aarch64.rpm",
"perl-YAML-LibYAML-debuginfo-0.88-2.oe2403sp1.aarch64.rpm",
"perl-YAML-LibYAML-debugsource-0.88-2.oe2403sp1.aarch64.rpm",
"perl-YAML-LibYAML-help-0.88-2.oe2403sp1.aarch64.rpm"
],
"src": [
"perl-YAML-LibYAML-0.88-2.oe2403sp1.src.rpm"
],
"x86_64": [
"perl-YAML-LibYAML-0.88-2.oe2403sp1.x86_64.rpm",
"perl-YAML-LibYAML-debuginfo-0.88-2.oe2403sp1.x86_64.rpm",
"perl-YAML-LibYAML-debugsource-0.88-2.oe2403sp1.x86_64.rpm",
"perl-YAML-LibYAML-help-0.88-2.oe2403sp1.x86_64.rpm"
]
}