An update for perl-YAML-LibYAML is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1591 Final 1.0 1.0 2025-06-06 Initial 2025-06-06 2025-06-06 openEuler SA Tool V1.0 2025-06-06 perl-YAML-LibYAML security update An update for perl-YAML-LibYAML is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3 Security Fix(es): A vulnerability was found in TINITA YAML-LibYAML up to 0.902.x on Perl. It has been classified as problematic.CWE is classifying the issue as CWE-552. The product makes files or directories accessible to unauthorized actors, even though they should not be.This is going to have an impact on confidentiality.Upgrading to version 0.903.0 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.(CVE-2025-40908) An update for perl-YAML-LibYAML is now available for openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical perl-YAML-LibYAML https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1591 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-40908 https://nvd.nist.gov/vuln/detail/CVE-2025-40908 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 perl-YAML-LibYAML-0.83-2.oe2203sp4.src.rpm perl-YAML-LibYAML-0.88-2.oe2403.src.rpm perl-YAML-LibYAML-0.88-2.oe2403sp1.src.rpm perl-YAML-LibYAML-0.74-3.oe2003sp4.src.rpm perl-YAML-LibYAML-0.83-2.oe2203sp3.src.rpm perl-YAML-LibYAML-0.83-2.oe2203sp4.x86_64.rpm perl-YAML-LibYAML-debuginfo-0.83-2.oe2203sp4.x86_64.rpm perl-YAML-LibYAML-debugsource-0.83-2.oe2203sp4.x86_64.rpm perl-YAML-LibYAML-help-0.83-2.oe2203sp4.x86_64.rpm perl-YAML-LibYAML-0.88-2.oe2403.x86_64.rpm perl-YAML-LibYAML-debuginfo-0.88-2.oe2403.x86_64.rpm perl-YAML-LibYAML-debugsource-0.88-2.oe2403.x86_64.rpm perl-YAML-LibYAML-help-0.88-2.oe2403.x86_64.rpm perl-YAML-LibYAML-0.88-2.oe2403sp1.x86_64.rpm perl-YAML-LibYAML-debuginfo-0.88-2.oe2403sp1.x86_64.rpm perl-YAML-LibYAML-debugsource-0.88-2.oe2403sp1.x86_64.rpm perl-YAML-LibYAML-help-0.88-2.oe2403sp1.x86_64.rpm perl-YAML-LibYAML-0.74-3.oe2003sp4.x86_64.rpm perl-YAML-LibYAML-debuginfo-0.74-3.oe2003sp4.x86_64.rpm perl-YAML-LibYAML-debugsource-0.74-3.oe2003sp4.x86_64.rpm perl-YAML-LibYAML-help-0.74-3.oe2003sp4.x86_64.rpm perl-YAML-LibYAML-0.83-2.oe2203sp3.x86_64.rpm perl-YAML-LibYAML-debuginfo-0.83-2.oe2203sp3.x86_64.rpm perl-YAML-LibYAML-debugsource-0.83-2.oe2203sp3.x86_64.rpm perl-YAML-LibYAML-help-0.83-2.oe2203sp3.x86_64.rpm perl-YAML-LibYAML-0.83-2.oe2203sp4.aarch64.rpm perl-YAML-LibYAML-debuginfo-0.83-2.oe2203sp4.aarch64.rpm perl-YAML-LibYAML-debugsource-0.83-2.oe2203sp4.aarch64.rpm perl-YAML-LibYAML-help-0.83-2.oe2203sp4.aarch64.rpm perl-YAML-LibYAML-0.88-2.oe2403.aarch64.rpm perl-YAML-LibYAML-debuginfo-0.88-2.oe2403.aarch64.rpm perl-YAML-LibYAML-debugsource-0.88-2.oe2403.aarch64.rpm perl-YAML-LibYAML-help-0.88-2.oe2403.aarch64.rpm perl-YAML-LibYAML-0.88-2.oe2403sp1.aarch64.rpm perl-YAML-LibYAML-debuginfo-0.88-2.oe2403sp1.aarch64.rpm perl-YAML-LibYAML-debugsource-0.88-2.oe2403sp1.aarch64.rpm perl-YAML-LibYAML-help-0.88-2.oe2403sp1.aarch64.rpm perl-YAML-LibYAML-0.74-3.oe2003sp4.aarch64.rpm perl-YAML-LibYAML-debuginfo-0.74-3.oe2003sp4.aarch64.rpm perl-YAML-LibYAML-debugsource-0.74-3.oe2003sp4.aarch64.rpm perl-YAML-LibYAML-help-0.74-3.oe2003sp4.aarch64.rpm perl-YAML-LibYAML-0.83-2.oe2203sp3.aarch64.rpm perl-YAML-LibYAML-debuginfo-0.83-2.oe2203sp3.aarch64.rpm perl-YAML-LibYAML-debugsource-0.83-2.oe2203sp3.aarch64.rpm perl-YAML-LibYAML-help-0.83-2.oe2203sp3.aarch64.rpm A vulnerability was found in TINITA YAML-LibYAML up to 0.902.x on Perl. It has been classified as problematic.CWE is classifying the issue as CWE-552. The product makes files or directories accessible to unauthorized actors, even though they should not be.This is going to have an impact on confidentiality.Upgrading to version 0.903.0 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version. 2025-06-06 CVE-2025-40908 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N perl-YAML-LibYAML security update 2025-06-06 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1591