Security: Execution of code with elevated privileges in rapidjson
Name: Execution of code with elevated privileges in rapidjson
ID: FEDORA-2024-a3c1b2629e
Distribution: Fedora
Platforms: Fedora 39
Date: Fri, 19 July 2024, 06:43
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38517
Applications: RapidJSON
Original message
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a3c1b2629e
2024-07-19 02:21:03.764679
--------------------------------------------------------------------------------
Name        : rapidjson
Product     : Fedora 39
Version     : 1.1.0
Release     : 41.fc39
URL         : http://rapidjson.org/
Summary     : Fast JSON parser and generator for C++
Description :
RapidJSON is a fast JSON parser and generator for C++. It was inspired by RapidXml.
RapidJSON is small but complete. It supports both SAX and DOM style API. The SAX parser is only a half thousand lines of code.
RapidJSON is fast. Its performance can be comparable to strlen(). It also optionally supports SSE2/SSE4.1 for acceleration.
RapidJSON is self-contained. It does not depend on external libraries such as BOOST. It even does not depend on STL.
RapidJSON is memory friendly. Each JSON value occupies exactly 16/20 bytes for most 32/64-bit machines (excluding text string). By default it uses a fast memory allocator, and the parser allocates memory compactly during parsing.
RapidJSON is Unicode friendly. It supports UTF-8, UTF-16, UTF-32 (LE & BE), and their detection, validation and transcoding internally. For example, you can read a UTF-8 file and let RapidJSON transcode the JSON strings into UTF-16 in the DOM. It also supports surrogates and "\u0000" (null character).
JSON (JavaScript Object Notation) is a light-weight data exchange format. RapidJSON should be in full compliance with RFC4627/ECMA-404.
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2024-38517.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 10 2024 Tom Hughes <tom@compton.nu> - 1.1.0-41
- Add patch for CVE-2024-38517 aka RHBZ#2296979
* Sun Feb 25 2024 Richard W.M. Jones <rjones@redhat.com> - 1.1.0-28
- Bump and rebuild package (for riscv64)
* Fri Jan 26 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-27
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 18 2024 Tom Hughes <tom@compton.nu> - 1.1.0-25
- Add upstream patches for improved gcc 14 and C++20 support
* Fri Jan 5 2024 Honza Horak <hhorak@redhat.com> - 1.1.0-24
- SPDX migration
- Add BSD license that is used by stdint.h and inttypes.h
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2296979 - CVE-2024-38517 rapidjson: privilege escalation via integer underflow in GenericReader::ParseNumber() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2296979
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a3c1b2629e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------