
Mageia 9 MGASA-2024-0066 Moderate: Yajl Parser Denial Of Service Issue

Mageia, March 15, 2024

Summary

The updated packages fix security vulnerabilities: In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. (CVE-2017-16516) There is a memory leak in yajl 2.1.0 with use of the yajl_tree_parse function, which will cause out-of-memory in the server and cause a crash. (CVE-2023-33460)

References

- https://bugs.mageia.org/show_bug.cgi?id=32072
- https://lists.debian.org/debian-lts-announce/2023/07/msg00000.html
- https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html
- https://www.cve.org/CVERecord?id=CVE-2017-16516
- https://www.cve.org/CVERecord?id=CVE-2023-33460

Resolution

SRPMS

- 9/core/yajl-2.1.0-6.1.mga9
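The practical question an advisory like this raises is whether an installed yajl build is older than the fixed SRPM above. As an added example (not code from the Mageia advisory or the yajl project), the following is a pure-Python approximation of rpm's rpmvercmp ordering, applied to the fixed version-release 2.1.0-6.1.mga9; the installed version strings it is run against are constructed samples, not values from the advisory.

```python
import re

# Fixed version-release taken from the advisory's Resolution section.
FIXED_EVR = "2.1.0-6.1.mga9"

# rpm compares numeric runs, alphabetic runs and the '~' marker; other
# separators are ignored. The caret ('^') rule of newer rpm is not modelled.
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+|~")

def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 in the same sense as rpm's rpmvercmp()."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    while sa and sb:
        x, y = sa.pop(0), sb.pop(0)
        if x == "~" or y == "~":          # tilde sorts before everything else
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() and y.isdigit():   # numeric: compare by magnitude
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return -1 if len(x) < len(y) else 1
        elif x.isdigit() != y.isdigit():  # numeric segment beats alphabetic
            return 1 if x.isdigit() else -1
        if x != y:                        # equal-length digits or alpha: strcmp
            return -1 if x < y else 1
    if not sa and not sb:
        return 0
    if sa and sa[0] == "~":               # leftover starting with '~' is older
        return -1
    if sb and sb[0] == "~":
        return 1
    return 1 if sa else -1                # otherwise leftover segments win

def split_evr(evr: str):
    """Split 'epoch:version-release' into parts; a missing epoch counts as 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return epoch, version, release

def evrcmp(a: str, b: str) -> int:
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    return rpmvercmp(ea, eb) or rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_vulnerable(installed_evr: str, fixed_evr: str = FIXED_EVR) -> bool:
    """True when the installed yajl build sorts below the advisory's fix."""
    return evrcmp(installed_evr, fixed_evr) < 0
```

On a Mageia host the installed string to feed `is_vulnerable` comes from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' yajl`; constructed inputs such as `2.1.0-5.mga9` report vulnerable and `2.1.0-6.1.mga9` reports fixed.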

Publication date: 15 Mar 2024
URL: https://advisories.mageia.org/MGASA-2024-0066.html
Type: security
CVE: CVE-2017-16516, CVE-2023-33460
