Fedora 36: python-ujson 2022-1b2b8d5177 | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-1b2b8d5177
2022-07-23 01:59:14.445863
--------------------------------------------------------------------------------

Name        : python-ujson
Product     : Fedora 36
Version     : 5.4.0
Release     : 1.fc36
URL         : https://github.com/ultrajson/ultrajson
Summary     : Ultra fast JSON encoder and decoder written in pure C
Description :
UltraJSON is an ultra fast JSON encoder and decoder written in pure C with
bindings for Python.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2022-31116 and CVE-2022-31117.  ## 5.4.0  **Added**  - Add
support for arbitrary size integers  **Fixed**  - CVE-2022-31116: Replace
`wchar_t` string decoding implementation with a `uint32_t`-based one; fix
handling of surrogates on decoding - CVE-2022-31117: Potential double free of
buffer during string decoding - Fix memory leak on encoding errors when the
buffer was resized - Integer parsing: always detect overflows - Fix handling of
surrogates on encoding
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 14 2022 Alfredo Moralejo  - 5.4.0-1
- Update to 5.4.0 (closes rhbz#2103379)
- Includes fixes for CVE-2022-31117 and CVE-2022-31116
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2104739 - CVE-2022-31117 python-ujson: Potential double free of buffer during string decoding
        https://bugzilla.redhat.com/show_bug.cgi?id=2104739
  [ 2 ] Bug #2104740 - CVE-2022-31116 python-ujson: improper decoding of escaped surrogate characters may lead to string corruption, key confusion or value overwriting
        https://bugzilla.redhat.com/show_bug.cgi?id=2104740
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-1b2b8d5177' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 36: python-ujson 2022-1b2b8d5177

July 22, 2022
Security fix for CVE-2022-31116 and CVE-2022-31117

Summary

UltraJSON is an ultra fast JSON encoder and decoder written in pure C with

bindings for Python.

Update Information:

Security fix for CVE-2022-31116 and CVE-2022-31117. ## 5.4.0 **Added** - Add support for arbitrary size integers **Fixed** - CVE-2022-31116: Replace `wchar_t` string decoding implementation with a `uint32_t`-based one; fix handling of surrogates on decoding - CVE-2022-31117: Potential double free of buffer during string decoding - Fix memory leak on encoding errors when the buffer was resized - Integer parsing: always detect overflows - Fix handling of surrogates on encoding

Change Log

* Thu Jul 14 2022 Alfredo Moralejo - 5.4.0-1 - Update to 5.4.0 (closes rhbz#2103379) - Includes fixes for CVE-2022-31117 and CVE-2022-31116

References

[ 1 ] Bug #2104739 - CVE-2022-31117 python-ujson: Potential double free of buffer during string decoding https://bugzilla.redhat.com/show_bug.cgi?id=2104739 [ 2 ] Bug #2104740 - CVE-2022-31116 python-ujson: improper decoding of escaped surrogate characters may lead to string corruption, key confusion or value overwriting https://bugzilla.redhat.com/show_bug.cgi?id=2104740

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-1b2b8d5177' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : python-ujson
Product : Fedora 36
Version : 5.4.0
Release : 1.fc36
URL : https://github.com/ultrajson/ultrajson
Summary : Ultra fast JSON encoder and decoder written in pure C

News

Advisories

HOWTOs

Features

Keeping Your Private Files Private: An Introduction to GNU Privacy Guard
Complete Guide to Ethical Hacking
Authoritative Guide on Linux Disk Encryption
Linux Database Security Tips
Everything You Need To Know About Open Source Network Monitoring Tools

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy