
Security: Two problems in json-c
Name: Two problems in json-c
ID: USN-2245-1
Distribution: Ubuntu
Platforms: Ubuntu 12.04 LTS, Ubuntu 13.10, Ubuntu 14.04 LTS
Date: Fri, 13 June 2014, 07:36
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6371
Applications: json-c

Original message

==========================================================================
Ubuntu Security Notice USN-2245-1
June 12, 2014

json-c vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.04 LTS

Summary:

json-c could be made to crash or consume CPU if it processed a specially
crafted JSON document.

Software Description:
- json-c: JSON manipulation library

Details:

Florian Weimer discovered that json-c incorrectly handled buffer lengths.
An attacker could use this issue with a specially-crafted large JSON
document to cause json-c to crash, resulting in a denial of service.
(CVE-2013-6370)

Florian Weimer discovered that json-c incorrectly handled hash arrays. An
attacker could use this issue with a specially-crafted JSON document to
cause json-c to consume CPU resources, resulting in a denial of service.
(CVE-2013-6371)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libjson0 0.11-3ubuntu1.2

Ubuntu 13.10:
libjson0 0.11-2ubuntu1.2

Ubuntu 12.04 LTS:
libjson0 0.9-1ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2245-1
CVE-2013-6370, CVE-2013-6371

Package Information:
https://launchpad.net/ubuntu/+source/json-c/0.11-3ubuntu1.2
https://launchpad.net/ubuntu/+source/json-c/0.11-2ubuntu1.2
https://launchpad.net/ubuntu/+source/json-c/0.9-1ubuntu1.1
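
The following added example, which is not part of the Ubuntu notice or of json-c, checks an installed libjson0 version string against the fixed versions listed under "Update instructions", using a Python port of dpkg's version ordering. The function names and the sample version strings in it are assumptions made for the example.

```python
import re

# Fixed libjson0 versions per Ubuntu release, taken from the notice above.
FIXED = {"14.04": "0.11-3ubuntu1.2", "13.10": "0.11-2ubuntu1.2", "12.04": "0.9-1ubuntu1.1"}

def _order(c):
    # Rank of one character in a non-digit run: '~' sorts before end of run,
    # end of run before letters, letters before any other character.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    # Compare upstream or revision strings by alternating non-digit and digit runs.
    while a or b:
        pa, pb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        for k in range(max(len(pa), len(pb))):
            ca, cb = _order(pa[k:k + 1]), _order(pb[k:k + 1])
            if ca != cb:
                return -1 if ca < cb else 1
        a, b = a[len(pa):], b[len(pb):]
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        na, nb = int(da or 0), int(db or 0)  # numeric comparison, so 9 < 11
        if na != nb:
            return -1 if na < nb else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; epoch ends at the first ':', revision starts at the last '-'.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_compare(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def needs_update(release, installed):
    """True if the installed libjson0 version predates the fix for that release."""
    return deb_compare(installed, FIXED[release]) < 0

if __name__ == "__main__":
    # Constructed sample versions, not taken from the notice.
    for rel, ver in [("14.04", "0.11-3ubuntu1.1"), ("12.04", "0.9-1ubuntu1.1")]:
        print(rel, ver, "needs update" if needs_update(rel, ver) else "fixed")
```

On a live system the installed version string comes from `dpkg-query -W -f='${Version}' libjson0`, and `dpkg --compare-versions` remains the authoritative comparison.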


