On Wed, May 24, 2017 at 5:51 PM, Apollon Oikonomopoulos wrote:

> So, from my understanding the version in Wheezy cannot be fixed: the 2.7
> agents only use YAML to send out facts and upstream's fix is to simply
> not accept anything other than PSON. Whitelisting YAML defeats the
> purpose, as it's YAML's deserialization of untrusted data that leads to
> remote code execution.

In Python/Perl YAML libraries there are ways to safely load YAML files, does Ruby not have the same possibilities?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
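
An added example, not part of the original message and not Puppet's code, of what safe loading looks like in Ruby: Psych's `YAML.safe_load` refuses tagged objects and aliases by default. It assumes a Ruby whose YAML library is Psych 2.0 or later; `load_facts`, `RejectedFacts`, `ConstructedProbe` and the sample documents are constructed for illustration.

```ruby
require 'yaml'

# Hypothetical error type for this example.
class RejectedFacts < StandardError; end

# Constructed stand-in for any application class a document might name in a tag.
class ConstructedProbe; end

# Value types a flat fact document is allowed to carry in this example.
SCALARS = [String, Integer, Float, TrueClass, FalseClass, NilClass].freeze

# Parse an untrusted fact document. safe_load with no extra arguments permits
# only basic types: no object tags, no symbols, no aliases.
def load_facts(yaml_text)
  data = begin
    YAML.safe_load(yaml_text)
  rescue Psych::Exception => e
    # Covers disallowed classes, aliases and syntax errors alike.
    raise RejectedFacts, "unsafe or malformed YAML: #{e.class}"
  end
  raise RejectedFacts, 'top level must be a mapping' unless data.is_a?(Hash)

  # Enforce the expected shape as well: string keys, scalar values only.
  data.each do |key, value|
    ok = key.is_a?(String) && SCALARS.any? { |t| value.is_a?(t) }
    raise RejectedFacts, "unexpected fact #{key.inspect}" unless ok
  end
  data
end

# Convenience wrapper: true when the document is refused.
def rejected?(yaml_text)
  load_facts(yaml_text)
  false
rescue RejectedFacts
  true
end

# Constructed sample documents.
PLAIN_FACTS = "hostname: web01\nprocessorcount: 4\nis_virtual: true\n"
TAGGED_DOC  = "--- !ruby/object:ConstructedProbe\nname: x\n"
ALIASED_DOC = "a: &x web01\nb: *x\n"

if __FILE__ == $PROGRAM_NAME
  p load_facts(PLAIN_FACTS)
  puts "tagged document rejected:  #{rejected?(TAGGED_DOC)}"
  puts "aliased document rejected: #{rejected?(ALIASED_DOC)}"
end
```
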