
Ubuntu 22.04 LTS USN-6629-1 Critical: UltraJSON DoS And Memory Issues

February 14, 2024
Ensure your Ubuntu installations are fully updated to mitigate various security vulnerabilities associated with UltraJSON that could impact Python's JSON processing and memory stability.
Several security issues were fixed in UltraJSON.

Summary

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in UltraJSON.

Software Description:

- ujson: ultra fast JSON encoder and decoder for Python 3

Details:

It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2021-45958)

Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. (CVE-2022-31116)

It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory. (CVE-2022-31117)

...


Update Instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
  python3-ujson 5.1.0-1ubuntu0.1~esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  python-ujson 1.35-2ubuntu0.1~esm1
  python3-ujson 1.35-2ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  python-ujson 1.33-1ubuntu0.1~esm2
  python3-ujson 1.33-1ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6629-1

CVE-2021-45958, CVE-2022-31116, CVE-2022-31117

Severity
critical

Ubuntu Security Notice USN-6629-1
