You are here
Home > Preporuke > Ranjivost programskog paketa json-c

Ranjivost programskog paketa json-c

==========================================================================
Ubuntu Security Notice USN-2245-1
June 12, 2014

json-c vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.04 LTS

Summary:

json-c could be made to crash or consume CPU if it processed a specially
crafted JSON document.

Software Description:
– json-c: JSON manipulation library

Details:

Florian Weimer discovered that json-c incorrectly handled buffer lengths.
An attacker could use this issue with a specially-crafted large JSON
document to cause json-c to crash, resulting in a denial of service.
(CVE-2013-6370)

Florian Weimer discovered that json-c incorrectly handled hash arrays. An
attacker could use this issue with a specially-crafted JSON document to
cause json-c to consume CPU resources, resulting in a denial of service.
(CVE-2013-6371)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libjson0 0.11-3ubuntu1.2

Ubuntu 13.10:
libjson0 0.11-2ubuntu1.2

Ubuntu 12.04 LTS:
libjson0 0.9-1ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2245-1
CVE-2013-6370, CVE-2013-6371

Package Information:
https://launchpad.net/ubuntu/+source/json-c/0.11-3ubuntu1.2
https://launchpad.net/ubuntu/+source/json-c/0.11-2ubuntu1.2
https://launchpad.net/ubuntu/+source/json-c/0.9-1ubuntu1.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTmdZPAAoJEGVp2FWnRL6TqiQP/1d7e+/aioHJOZOMUPx9tU5u
5GX+UPbY9C7jcoMEtYgi+9Jqq1fNQPvn+GRoUKu0NfQB+J270apDnsRPEfyGo4MW
JRLRzPWWz1l66QaBXoqyYkWPNh59p5MTTZB7roPCcZrVh/XykkuxKHFChEEFvbg5
W+3ILVHNpBt1zi/UK0XsJpHpD9eh/0NPiKJsoh9H5nuOXVFY7cHCfN0GmqZU5XA1
wb4oM2buniFtSix/2vqRevUvcdSFOeyeYW57Gg1kvp45bfedg6xh4mTJM6P9Z798
b2eFp7CUtYIjb+p+PBZqFt9r6juCRLvo7NzolFyS/StN9T+bTgX34xQEKNR+suoL
JcSPOOXHoDTlTUMdXd2fqu1WuneBCK3m7WRWGwDJW79U2e6huS82pgEQwgUyP5YL
7oHj5R5Cnraj5H5hT+F9Vf3pMEbnepjAeOlM2rLiX+nyEjSOwSmsQqySz4MyLKSE
+pnMD19+8yZRYQ4Rzj6tk3w6BVj02zeqnqB4eyDSAklk0QIFQ8hWBVCP1Wtz6m5K
D/HjFFYm5vqniCEQTkVoDPw8D0n7jxxTDVuJibvjnaVnDOccITWg2Q0LOwuakLt8
Vhe5bBGSNpkhX5TzM7iAJQNi3+ImkyHmBbRlM2FNAe+8WeHuPyCdMN4YqLxl0z7W
ULeEOYhtLx6iaUH894OF
=Uajg
—–END PGP SIGNATURE—–

Top
More in Preporuke
Ranjivosti programskog paketa icinga

Otkrivene su višestruke ranjivosti u sustavu za nadgledanje računala i mreže, Icinga. Ranjivosti su mogle biti iskorištene za izvršavanje proizvoljog...

Close