You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa json-c

Sigurnosni nedostatak programskog paketa json-c

==========================================================================
Ubuntu Security Notice USN-4360-4
May 28, 2020

json-c vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

json-c could be made to execute arbitrary code if it received
a specially crafted JSON file.

Software Description:
– json-c: JSON manipulation library

Details:

USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a
memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides
the correct fix update for CVE-2020-12762.

Original advisory details:

It was discovered that json-c incorrectly handled certain JSON files.
An attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libjson-c4 0.13.1+dfsg-7ubuntu0.3

Ubuntu 19.10:
libjson-c4 0.13.1+dfsg-4ubuntu0.3

Ubuntu 18.04 LTS:
libjson-c3 0.12.1-1.3ubuntu0.3

Ubuntu 16.04 LTS:
libjson-c2 0.11-4ubuntu2.6
libjson0 0.11-4ubuntu2.6

Ubuntu 14.04 ESM:
libjson-c2 0.11-3ubuntu1.2+esm3
libjson0 0.11-3ubuntu1.2+esm3

Ubuntu 12.04 ESM:
libjson0 0.9-1ubuntu1.4

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4360-4
https://usn.ubuntu.com/4360-1
CVE-2020-12762

Package Information:
https://launchpad.net/ubuntu/+source/json-c/0.13.1+dfsg-7ubuntu0.3
https://launchpad.net/ubuntu/+source/json-c/0.13.1+dfsg-4ubuntu0.3
https://launchpad.net/ubuntu/+source/json-c/0.12.1-1.3ubuntu0.3
https://launchpad.net/ubuntu/+source/json-c/0.11-4ubuntu2.6
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl7PvJkACgkQRbznW4QL
H2nPIQ/9Efp5PjbquZZ8hcwvrGBWr9HjZlnlfhYXttxrRBHorkBmvLIFQBDZhE2w
c9BEtR8Xa21yP6ER5ucRchMABMV9JmcmiyNNY3oGWN61qAw23Ia2XGBP//I5k54C
Ahj3cXj1ZDr18QiuMBUoRpsUJ6YQ0mOS3dFYSUTC9EOgRvzpfeim9+MCEfJt+2oA
jBd4HLqpGiDtr3n4efI07phfCSgRUQDDJDLBspa3PUyE4L6fX+ecLWiYJmHTdpLA
sXdeAEjXrFex9DzZpdBrfcZF7mZZ9/Tl2FNhxAv8WPQdb5VeT1TX15cDZgYFhTXS
KomAiYweZ6Or8wFLYpozAmh8m4XXsfG4kVall5YxnxDPjpWxNxOYQlJ4SHPFODCI
sUJMDMcBsPge2M5wP7SGJsXqqphWRO3zE0+LbaDQWEgYTaALieaHC1lq+ZcgxR4h
DOzA/54d36hi8KVZGE99R9tPqx3myiVdVpQQfp0bk24J4zFhrHXANfjZauU8kLzy
Kk861+loGfvxvvuB/iI8M8uUyQpWAV+sXiNubR8uZqN1uRCpZ+a9Qrlew4rC4qwN
iSpUrk6/UQaF8isXnKZM0bczsTI1C8byygksNj+zXZwtgpskbmBEJN1/fogXeNjz
vQpFNiXUIc6fFKiI0wv7l4VWbapURmVY3pl3MAnLBLZzmj2FCYg=
=zgUy
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa openssl

Otkriveni su sigurnosni nedostaci u programskom paketu openssl za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju otkrivanje osjetljivih informacija....

Close