You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke json-c

Sigurnosni nedostatak programske biblioteke json-c

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4360-1
May 14, 2020

json-c vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

json-c could be made to execute arbitrary code if it received
a specially crafted JSON file.

Software Description:
– json-c: JSON manipulation library

Details:

It was discovered that json-c incorrectly handled certain JSON files.
An attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libjson-c4 0.13.1+dfsg-7ubuntu0.1

Ubuntu 19.10:
libjson-c4 0.13.1+dfsg-4ubuntu0.1

Ubuntu 18.04 LTS:
libjson-c3 0.12.1-1.3ubuntu0.1

Ubuntu 16.04 LTS:
libjson-c2 0.11-4ubuntu2.1
libjson0 0.11-4ubuntu2.1

Ubuntu 14.04 ESM:
libjson-c2 0.11-3ubuntu1.2+esm1
libjson0 0.11-3ubuntu1.2+esm1

Ubuntu 12.04 ESM:
libjson0 0.9-1ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4360-1
CVE-2020-12762

Package Information:
https://launchpad.net/ubuntu/+source/json-c/0.13.1+dfsg-7ubuntu0.1
https://launchpad.net/ubuntu/+source/json-c/0.13.1+dfsg-4ubuntu0.1
https://launchpad.net/ubuntu/+source/json-c/0.12.1-1.3ubuntu0.1
https://launchpad.net/ubuntu/+source/json-c/0.11-4ubuntu2.1
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl69meQACgkQRbznW4QL
H2nhZA//WQEHF2pGsHa+uFcTvqS6DubJI1kvMBndM/qYB7y1b1wk9emG4PW5hmW3
rSzfJ35l/VFOe11DUlEKqNRVSRNahijXsN43hoPdaH1b+J76m+yIJzCsCKabMnp1
9hjxL5h6eOKXf1e7BLBtp7i6VPCT98wKc6QLxFKFJFnSR59asLrMcvw8q5XI/L0G
8yVS8nt7ZbJxZjC4swQYTUB+NMqUFDR3/AxpgCgHh3+wtML7Sibi3Hm7w3CHMPze
KvqPZfaKub2NOuSLLV5mJasF0xD7oZLRdMuXp6hZT1NMG0lVxfRLztELtQ3ozS7O
tAfgJkyIyrP5hjsam4vt0b2Yvg6o3OMhfkHgthTPPZDC4DV9ownVIgsF3JvjNMCT
HpagnKE9kI2RJXBpRHh5wy3AyVGs7Si/MquXcAWnQZFWBNVVr3bLa5B2Jm3Pkf3J
SBZVb9ic0C1lXQo6MXHhIH06O586dIQ0pgS95KYlBX7R7+MeBRBbxcqKZ++w16Yk
arxn8kBc8ZRUKU0cFpCvw3fK+yACaqzjIRUQBPIxRKlfNpZeuGNdbjLwuyr6u3cd
6lhi1o2aRvxuUoKs3HLnGtVIiTATeFL34MYO/aR1PCZoNn4H7Z0KRtxPqpSskmyI
/I6EO0dqgWotVxm1ibwLa27iyVH0VBoj36+qgVPz4Tvmcin2zw4=
=4f2E
—–END PGP SIGNATURE—–

AutorToni Vugdelija
Cert idNCERT-REF-2020-05-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava RHEL. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS stanja ili otkrivanje osjetljivih...

Close