drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in Jansson
Name: |
Denial of Service in Jansson |
|
ID: |
DSA-3577-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian jessie |
|
Datum: |
Sa, 14. Mai 2016, 20:54 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4425 |
|
Applikationen: |
Jansson |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3577-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini May 14, 2016 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : jansson CVE ID : CVE-2016-4425 Debian Bug : 823238
Gustavo Grieco discovered that jansson, a C library for encoding, decoding and manipulating JSON data, did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service (crash) via stack exhaustion, using crafted JSON data.
For the stable distribution (jessie), this problem has been fixed in version 2.7-1+deb8u1.
For the unstable distribution (sid), this problem has been fixed in version 2.7-5.
We recommend that you upgrade your jansson packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJXN1f0AAoJEK+lG9bN5XPL6yMP/0rcvD6Leb575MxsRC1eq5oL NrwgqJ/x6kE96jHBYYcM8Ra+riJnNCLF1gcbX2vp/xBYbKPR63RvHKLm3J8BEc+j Hb3m+7joxf+JXkuKaPR51cm7sKQ6rWIKydd87KEXr1Iiam5a5MUfFJpHLkUvihZ9 TQAKSztIJumxlZKdIYH+0A7TghoeczPcioqDfRJ14kE9hwh4d+qnL0r/CYwGS88Q Zor0Zi4OWhHCU2BPzNLSN1qXRvOTgPRd/+bKrJHxbAY8UCyd7b+BDk9NWX9nkdfZ AoSYvLtPEQeGI8j0YZ9tzXKHX9E/WSWOrnPn0p1tn9qFvvAJpe/ev4/SooLD1a1O 2MyY77cattsX+LAHAZdsqasOzvd5EuIB9/kiwJ3tSfWjj9o08zjGH8hvp6vGeM+a EUfZfc7AyW+l6glxJ9n3Njf1w1JjyYW6X2NfPEo47EQLYngtDCHS1E3Qg2ZscEen DsTKTc2GrYrQqDylfZUTWUD+pVKp1itarYq5pT6Bwfm+Oul7PHnGS+eDW1DexCUk dBedSuOMm3yiBwDI/bscGUMz8EnAJt8+86IhGa+76DByI7EFA54g7SyYFI4y68Ir b2FqnRcT17JhMo+P6/5CchnZdYzwVfN9u/tlLX1JKpY0u5f2oQQia56iYdF7rtwg LP8qraUYeK60btbLYmpO =pQ8j -----END PGP SIGNATURE-----
|
|
|
|