--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-852b377773
2023-07-27 02:04:37.484718
--------------------------------------------------------------------------------
Name        : yajl
Product     : Fedora 37
Version     : 2.1.0
Release     : 21.fc37
URL         : http://lloyd.github.com/yajl/
Summary     : Yet Another JSON Library (YAJL)
Description :
Yet Another JSON Library. YAJL is a small event-driven (SAX-style) JSON
parser written in ANSI C, and a small validating JSON generator.
--------------------------------------------------------------------------------
Update Information:
Security fix for memory leak(s) leading to denial of service (CVE-2023-33460).
Security fix for integer overflow leading to heap corruption (CVE-2022-24795)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 10 2023 Daniel P. Berrangé <berrange@redhat.com> - 2.1.0-21
- Switch to using git for managing patches
- Fix potential buffer overread (CVE-2017-16516)
- Fix integer overflow leading to heap corruption (CVE-2022-24795)
- Fix multiple memory leaks (CVE-2023-33460)
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #2072912 - CVE-2022-24795 yajl: heap-based buffer overflow when handling large inputs due to an integer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=2072912
  [ 2 ] Bug #2221249 - CVE-2023-33460 yajl: Memory leak in yajl_tree_parse function
        https://bugzilla.redhat.com/show_bug.cgi?id=2221249
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use

    su -c 'dnf upgrade --advisory FEDORA-2023-852b377773'

at the command line. For more information, refer to the dnf documentation
available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------