Security: Multiple issues in UltraJSON
Name: Multiple issues in UltraJSON
ID: USN-6629-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS (Available with Ubuntu Pro), Ubuntu 22.04 LTS (Available with Ubuntu Pro), Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Date: Wed, 14 February 2024, 06:07
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31116
Applications: UltraJSON

Original message
From: Allen Huang <allen.huang@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <3793f5e8-c4cc-4e23-9702-706536e0ea7c@canonical.com>
Subject: [USN-6629-1] UltraJSON vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6629-1
February 14, 2024

ujson vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in UltraJSON.
Software Description:
- ujson: ultra fast JSON encoder and decoder for Python 3
Details:
It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2021-45958)
Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. (CVE-2022-31116)
It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory. (CVE-2022-31117)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS (Available with Ubuntu Pro):
  python3-ujson 5.1.0-1ubuntu0.1~esm1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  python-ujson 1.35-2ubuntu0.1~esm1
  python3-ujson 1.35-2ubuntu0.1~esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  python-ujson 1.33-1ubuntu0.1~esm2
  python3-ujson 1.33-1ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes.
References:
  https://ubuntu.com/security/notices/USN-6629-1
  CVE-2021-45958, CVE-2022-31116, CVE-2022-31117
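To check a host against the fixed versions listed in the notice, the following added example (not part of the advisory or of any Ubuntu tooling) compares an installed package version with the fixed one using Debian version ordering, where a `~esm1` suffix sorts before the same revision without it. The function names are assumptions made for illustration; the installed version string is expected to come from something like `dpkg-query -W -f='${Version}' python3-ujson`.

```python
import re
# Fixed package versions as listed in USN-6629-1 (release -> package -> version).
FIXED = {
    "22.04": {"python3-ujson": "5.1.0-1ubuntu0.1~esm1"},
    "18.04": dict.fromkeys(("python-ujson", "python3-ujson"), "1.35-2ubuntu0.1~esm1"),
    "16.04": dict.fromkeys(("python-ujson", "python3-ujson"), "1.33-1ubuntu0.1~esm2"),
}

def _order(ch):
    """Sort weight of one character in a non-digit run ('' means end of string)."""
    if ch == "" or ch.isdigit():
        return 0
    if ch == "~":
        return -1  # '~' sorts before everything, even the end of the string
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_fragment(a, b):
    """Compare two upstream-version or revision strings the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: character by character, using the weights above.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            x, y = _order(a[i:i + 1]), _order(b[j:j + 1])
            if x != y:
                return x - y
            i, j = i + 1, j + 1
        # Digit run: numeric comparison, an empty run counts as 0.
        m, n = re.match(r"\d*", a[i:]), re.match(r"\d*", b[j:])
        x, y = int(m.group() or 0), int(n.group() or 0)
        if x != y:
            return x - y
        i, j = i + m.end(), j + n.end()
    return 0

def _split(version):
    """Split 'epoch:upstream-revision' into (epoch, upstream, revision)."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Negative if a < b, zero if equal, positive if a > b (Debian ordering)."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def is_patched(release, package, installed):
    """True if the installed version is at least the fixed version from the notice."""
    return compare_versions(installed, FIXED[release][package]) >= 0
```

A plain string comparison would get the `~esm` and multi-digit cases wrong, which is why the ordering is implemented explicitly here.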