http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13953 Bug ID: 13953 Summary: Bad QueryParser YAML config + old version of YAML::XS can cause segfault Change sponsored?: --- Product: Koha Version: 3.18 Hardware: All OS: All Status: NEW Severity: minor Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: gmcharlt@gmail.com Reporter: gmcharlt@gmail.com QA Contact: testopia@bugs.koha-community.org A system that happens to have an old version of YAML::XS that does not have the fix for CVE-2014-9130 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130) can be subject to having processes that invoke a catalog search segfault if the following conditions are met: - QueryParser is enabled - etc/searchengine/queryparser.yaml is malformed in such a way as to trigger the assert that's the subject of the CVE - YAML::XS is installed on the system and is either older than version 0.53 or didn't get the fix backpatched by the distro The following mitigations are available: - first, fix queryparser.yaml - install a more recent version of YAML::XS - *remove* YAML::XS, in which case YAML::Any will switch to using YAML::Syck This bug is filed for informational purposes; since changes to queryparser.yaml have to be done on the filesystem, and since as near as I can tell, other uses of YAML are parsed using YAML::Syck or the pure-perl YAML module, I don't see there being a remote exploit. -- You are receiving this mail because: You are watching all bug changes.