
Vulnerability in the json-c software package

  • OS details: LUB
  • Severity: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-2245-1
June 12, 2014

json-c vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.04 LTS

Summary:

json-c could be made to crash or consume CPU if it processed a specially
crafted JSON document.

Software Description:
– json-c: JSON manipulation library

Details:

Florian Weimer discovered that json-c incorrectly handled buffer lengths.
An attacker could use this issue with a specially-crafted large JSON
document to cause json-c to crash, resulting in a denial of service.
(CVE-2013-6370)

Florian Weimer discovered that json-c incorrectly handled hash arrays. An
attacker could use this issue with a specially-crafted JSON document to
cause json-c to consume CPU resources, resulting in a denial of service.
(CVE-2013-6371)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libjson0 0.11-3ubuntu1.2

Ubuntu 13.10:
libjson0 0.11-2ubuntu1.2

Ubuntu 12.04 LTS:
libjson0 0.9-1ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2245-1
CVE-2013-6370, CVE-2013-6371

Package Information:
https://launchpad.net/ubuntu/+source/json-c/0.11-3ubuntu1.2
https://launchpad.net/ubuntu/+source/json-c/0.11-2ubuntu1.2
https://launchpad.net/ubuntu/+source/json-c/0.9-1ubuntu1.1


Author: Tomislav Protega
Cert ID: NCERT-REF-2014-06-0011-ADV
CVE: CVE-2013-6370 CVE-2013-6371
Source ID: USN-2245-1
Product: json-c
Source: http://www.ubuntu.com