
Fedora 40: 2024-8c48a81cb9 Critical: yyjson Remote Code Execution

April 19, 2024
Important security patches for yyjson on Fedora 40 tackle remote code execution vulnerabilities. Review the latest update information immediately.

Summary

A high performance JSON library written in ANSI C.

Features

- Fast: can read or write gigabytes per second JSON data on modern CPUs.
- Portable: complies with ANSI C (C89) for cross-platform compatibility.
- Strict: complies with RFC 8259 JSON standard, ensuring strict number format and UTF-8 validation.
- Extendable: offers options to allow comments, trailing commas, NaN/Inf, and custom memory allocator.
- Accuracy: can accurately read and write int64, uint64, and double numbers.
- Flexible: supports unlimited JSON nesting levels, \u0000 characters, and non null-terminated strings.
- Manipulation: supports querying and modifying using JSON Pointer, JSON Patch and JSON Merge Patch.
- Developer-Friendly: easy integration with only one h and one c file.

Update Information:

Update to 0.9.0; fix rhbz#2274045 and rhbz#2266791; Security fix for CVE-2024-25713

Change Log

* Tue Apr 9 2024 topazus - 0.9.0-1 - Update to 0.9.0; fix rhbz#2274045 and rhbz#2266791

References


[ 1 ] Bug #2266791 - CVE-2024-25713 yyjson: double free leading to remote code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266791

[ 2 ] Bug #2274045 - yyjson-0.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2274045

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-8c48a81cb9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity: critical

Name: yyjson
Product: Fedora 40
Version: 0.9.0
Release: 1.fc40
Summary: A high performance JSON library written in ANSI C
