[SECURITY] [DSA 6175-1] libyaml-syck-perl security update To : debian-security-announce@lists.debian.org Subject : [SECURITY] [DSA 6175-1] libyaml-syck-perl security update From : Salvatore Bonaccorso < carnil@debian.org > Date : Sun, 22 Mar 2026 19:43:21 +0000 Message-id : < [🔎] E1w4Ohl-00000007kXj-2wKM@seger.debian.org > Reply-to : debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6175-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 22, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libyaml-syck-perl CVE ID : CVE-2026-4177 Several vulnerabilities were discovered in libyaml-syck-perl, a Perl module providing a fast, lightweight YAML loader and dumper, which may result in denial of service and potentially arbitrary code execution. For the oldstable distribution (bookworm), this problem has been fixed in version 1.34-2+deb12u2. For the stable distribution (trixie), this problem has been fixed in version 1.34-2+deb13u2. We recommend that you upgrade your libyaml-syck-perl packages. For the detailed security status of libyaml-syck-perl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libyaml-syck-perl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmnARfVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QTyw/5ASHoMf3SiwO5zkQO4msryWyWsrsf/7ztZ96VlR4zIs/fDmobkex3OAAA 9/781BP1p63qe8dYOqhvZR7R9jj361pJwVv9LH+mhGIw4vsRDK+MDq4EqNZ81aRo vsjJOuQzZkTaGBsyTwFkDniSbctR5MkJv6POczpAO28nWqoLzx8q9Ozg6fcz/jpL SXpH85BQ7UVj6DcTTFT2nIa9HXDjugtPOM2c3S44I2Uue9gdm58iRSkNeR/XIYJW FbG1fKFR0RTUXLhojkbPaQwlQYCRjqSfb21Fn725+P81VDmDrptBEpzVm49nxh38 rvQvMUjSHCgilS/HutEuNDkbiIa/KXshQzhfXD6920aN1usJurJGV8nXzlGvRNxz wS2BRo6ceUYuUxzBvp/1w9y8muzkCEIPO13ht/HWR7QJoyrHcgEsK8LY9TYCHG67 pPxPT6CwDH11HPC0qUQQ9IUNANgh3UUlX8cOP2vWfbpxtRRxSgVXkFj0vChELndv aexDnmdiXlhIBnwznR7uTmNN+WBSAAM7Bx4CEzVrxTb6M1HBuP8jclrcm7787tb8 /l2ogC9uUY+0+CjNcznQLK4R9FxtMMUWLiMQY8sS/EtuclDqsEGl9X+waDJszyFb iv9xb4zmItw/gHAe7QL31bVN2r8JC11h05Yk7luUF23Dfo9SVTE= =AkHx -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Salvatore Bonaccorso (on-list) Salvatore Bonaccorso (off-list) Prev by Date: [SECURITY] [DSA 6174-1] spip security update Previous by thread: [SECURITY] [DSA 6174-1] spip security update Index(es): Date Thread