--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4154ea83d0
2025-11-05 02:09:57.817569+00:00
--------------------------------------------------------------------------------

Name        : rust-jiter
Product     : Fedora 43
Version     : 0.11.1
Release     : 1.fc43
URL         : https://crates.io/crates/jiter
Summary     : Fast Iterable JSON parser
Description :
Fast Iterable JSON parser.

--------------------------------------------------------------------------------
Update Information:

uv / python-uv-build 0.9.5
  https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md

ruff 0.14.2
  https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md

Pydantic 2.12.3
  Blog post

maturin 1.9.6
  https://github.com/PyO3/maturin/blob/v1.9.6/Changelog.md

python-typing-inspection 0.4.2 (2025-10-01)
  Add typing_objects.is_noextraitems()

python-jiter 0.11.0
  https://github.com/pydantic/jiter/releases/tag/v0.11.0

python-pydantic-extra-types 2.10.6
  https://github.com/pydantic/pydantic-extra-types/releases/tag/v2.10.6

Typer 0.20.0
  Features ✨
    Enable command suggestions on typo by default.
  Upgrades ⬆️
    Add (official) support for Python 3.14.
  Internal
    Assorted small enhancements.

FastAPI 0.120.1
  Upgrades ⬆️
    Bump Starlette to
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f4f4dae8f2
2025-09-18 00:55:58.913935+00:00
--------------------------------------------------------------------------------

Name        : perl-Cpanel-JSON-XS
Product     : Fedora 42
Version     : 4.40
Release     : 1.fc42
URL         : https://metacpan.org/release/Cpanel-JSON-XS
Summary     : JSON::XS for Cpanel, fast and correct serializing
Description :
This module converts Perl data structures to JSON and vice versa. Its primary
goal is to be correct and its secondary goal is to be fast. To reach the
latter goal it was written in C.

--------------------------------------------------------------------------------
Update Information:

This update fixes an issue where a specially-crafted JSON input could cause an
integer overflow leading to a crash in the program parsing the JSON
(CVE-2025-40929).

--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 9 2025 Paul Howarth - 4.40-1
- Update to 4.40
- Fix overflow with overlong numbers, fuzzing only (CVE-2025-40929)
- Detect more malformed numbers, with two decimal points
- Pin Github actions to latest @v via pinact run -u
* Fri Jul 25 2025 Fedora Release Engineering - 4.39-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jul 8 2025 Jitka Plesnikova - 4.39-4
- Perl 5.42 re-rebuild of bootstrapped packages
* Mon Jul 7 2025 Jitka Plesnikova - 4.39-3
- Perl 5.42 rebuild

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2393917 - CVE-2025-40929 perl-Cpanel-JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2393917

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f4f4dae8f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Debian Security Advisory DSA-6001-1
--------------------------------------------------------------------------------

It was discovered that cJSON, an ultralightweight JSON parser, performed
insufficient input sanitising, which could result in out-of-bounds memory
access.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-39852a8ef8
2020-04-25 02:14:03.393588
--------------------------------------------------------------------------------

Name        : golang-github-buger-jsonparser
Product     : Fedora 32
Version     : 0
Release     : 0.9.20200406gitf7e751e.fc32
URL         : https://github.com/buger/jsonparser
Summary     : Alternative JSON parser for Go that does not require schema
Description :
Alternative JSON parser for Go. It does not require you to know the structure
of the payload (e.g. create structs), and allows accessing fields by providing
the path to them. It is up to 10 times faster than standard encoding/json
package (depending on payload size and usage), allocates no memory.

--------------------------------------------------------------------------------
Update Information:

Multiple bug fixes, including a fix for CVE-2020-10675.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 6 2020 Dominik Mierzejewski - 0-0.9.20200406gitf7e751e
- Bump to commit f7e751efca132eb5c767c4b0b20f68524ba89742 (fixes CVE-2020-10675)

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1817733 - CVE-2020-10675 golang-github-buger-jsonparser: infinite loop via a Delete call
        https://bugzilla.redhat.com/show_bug.cgi?id=1817733

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-39852a8ef8' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-97e8a67945
2020-04-15 20:32:17.101637
--------------------------------------------------------------------------------

Name        : golang-github-buger-jsonparser
Product     : Fedora 31
Version     : 0
Release     : 0.8.20200406gitf7e751e.fc31
URL         : https://github.com/buger/jsonparser
Summary     : Alternative JSON parser for Go that does not require schema
Description :
Alternative JSON parser for Go. It does not require you to know the structure
of the payload (e.g. create structs), and allows accessing fields by providing
the path to them. It is up to 10 times faster than standard encoding/json
package (depending on payload size and usage), allocates no memory.

--------------------------------------------------------------------------------
Update Information:

Multiple bug fixes, including a fix for CVE-2020-10675.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 6 2020 Dominik Mierzejewski - 0-0.8.20200406gitf7e751e
- Bump to commit f7e751efca132eb5c767c4b0b20f68524ba89742 (fixes CVE-2020-10675)

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1817733 - CVE-2020-10675 golang-github-buger-jsonparser: infinite loop via a Delete call
        https://bugzilla.redhat.com/show_bug.cgi?id=1817733

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-97e8a67945' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Package        : ruby-yajl
Version        : 1.1.0-2+deb7u1
CVE ID         : CVE-2017-16516
Debian Bug     : 880691

A vulnerability was found in ruby-yajl, an interface to Yajl, a JSON
stream-based parser library. When a crafted JSON file is supplied to
Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in
the yajl_string_decode function in yajl_encode.c. This may result in a
denial of service.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.0-2+deb7u1.

We recommend that you upgrade your ruby-yajl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Severity: Critical
LinuxSecurity.com Team