Mehrere Probleme in json-c
ID: | 202006-13 |
Distribution: | Gentoo |
Plattformen: | Keine Angabe |
Datum: | Mo, 15. Juni 2020, 23:49 |
Referenzen: | https://nvd.nist.gov/vuln/detail/CVE-2020-12762 |
Applikationen: | json-c |
Originalnachricht |
|
--pS0IeWLqOQV1qy0L Content-Type: text/plain; charset=utf-8 Content-Disposition: inline - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202006-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: json-c: Multiple vulnerabilities Date: June 15, 2020 Bugs: #722150 ID: 202006-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in json-c, the worst of which could result in a Denial of Service condition. Background ========== json-c is a JSON implementation in C. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/json-c < 0.14-r3 >= 0.14-r3 Description =========== Multiple vulnerabilities have been discovered in json-c. Please review the CVE identifiers referenced below for details. Impact ====== A remote/local attacker could send a specially crafted file possibly resulting in a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All json-c users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/json-c-0.14-r3" References ========== [ 1 ] CVE-2020-12762 https://nvd.nist.gov/vuln/detail/CVE-2020-12762 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202006-13 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 --pS0IeWLqOQV1qy0L Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEDA48qNrrn8VVVcst4yp5f7HQy3AFAl7nl2oACgkQ4yp5f7HQ y3BbewgAh0CLYeZIHBDsozU9WUtdj20GiYfgNIZa4Qt47rtQ1PTmGEUht/PcQx/z Nbd9Aomz9HVgHtmJnG4Twnizzftoz5ilxCtUMVCNYc4lkyE6C2I3z+iGov6eoVtq DgfvO8s5d5t/mb/xulYy3vsEdleBDcl9w+iLaUV/WJUlPskVNFcU4j1IJ5Jr8WBD khTtvB0gbaVylETJlwOjL7DNKOTQg0xXoYyZiETH+VWTbGtT7WJRy4PRWRuwi93n Lo+wIhP0yL5H/l5OGztMNjcx09mZavb53cZIhLRILtoYPItahpZYo9eZ8azLs6ce 25+Kx90B4eJ4L5NenCg3kHn7Raafgw== =p6eS -----END PGP SIGNATURE----- --pS0IeWLqOQV1qy0L-- |