Ubuntu 23.04 USN-6233-2 critical: YAJL memory corruption threat

December 14, 2023
Protect your Ubuntu systems by applying the newest YAJL updates to mitigate security risks and ensure continuous operation.

Summary

Several security issues were fixed in YAJL.

Software Description:

- yajl: Yet Another JSON Library

Details:

USN-6233-1 fixed vulnerabilities in YAJL. This update provides the
corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu
23.04.

Original advisory details:

 It was discovered that YAJL was not properly performing bounds checks when
 decoding a string with escape sequences. If a user or automated system
 using YAJL were tricked into processing specially crafted input, an
 attacker could possibly use this issue to cause a denial of service
 (application abort). (CVE-2017-16516)

 It was discovered that YAJL was not properly handling memory allocation
 when dealing with large inputs, which could lead to heap memory
 corruption. If a user or automated system using YAJL were tricked into
 running a specially crafted large input, an attacker could possibly use
 this issue to cause a denial of service. (CVE-2022-2479...

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
   libyajl2                        2.1.0-3ubuntu0.23.04.1

Ubuntu 22.04 LTS:
   libyajl2                        2.1.0-3ubuntu0.22.04.1

Ubuntu 20.04 LTS:
   libyajl2                        2.1.0-3ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6233-2

  https://ubuntu.com/security/notices/USN-6233-1

  CVE-2017-16516, CVE-2022-24795, CVE-2023-33460

Severity
critical

Ubuntu Security Notice USN-6233-2

Package Information

  https://launchpad.net/ubuntu/+source/yajl/2.1.0-3ubuntu0.23.04.1
  https://launchpad.net/ubuntu/+source/yajl/2.1.0-3ubuntu0.22.04.1
  https://launchpad.net/ubuntu/+source/yajl/2.1.0-3ubuntu0.20.04.1
