Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0175)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2014.0175

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2014-0175)

Zusammenfassung: The remote host is missing an update for the 'json-c' package(s) announced via the MGASA-2014-0175 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'json-c' package(s) announced via the MGASA-2014-0175 advisory.

Vulnerability Insight:
Updated json-c packages fix security vulnerabilities:

Florian Weimer reported that the printbuf APIs used in the json-c library used
ints for counting buffer lengths, which is inappropriate for 32bit
architectures. These functions need to be changed to using size_t if possible
for sizes, or to be hardened against negative values if not. This could be
used to cause a denial of service in an application linked to the json-c
library (CVE-2013-6370).

Florian Weimer reported that the hash function in the json-c library was weak,
and that parsing smallish JSON strings showed quadratic timing behaviour.
This could cause an application linked to the json-c library, and that
processes some specially-crafted JSON data, to use excessive amounts of CPU
(CVE-2013-6371).

Affected Software/OS:
'json-c' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-6370
57791
http://secunia.com/advisories/57791
66720
http://www.securityfocus.com/bid/66720
FEDORA-2014-5006
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html
MDVSA-2014:079
http://www.mandriva.com/security/advisories?name=MDVSA-2014:079
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://bugzilla.redhat.com/show_bug.cgi?id=1032322
https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
jsonc-cve20136370-bo(92540)
https://exchange.xforce.ibmcloud.com/vulnerabilities/92540
Common Vulnerability Exposure (CVE) ID: CVE-2013-6371
66715
http://www.securityfocus.com/bid/66715
https://bugzilla.redhat.com/show_bug.cgi?id=1032311
jsonc-cve20136371-dos(92541)
https://exchange.xforce.ibmcloud.com/vulnerabilities/92541

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0175
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0175)
Zusammenfassung:	The remote host is missing an update for the 'json-c' package(s) announced via the MGASA-2014-0175 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'json-c' package(s) announced via the MGASA-2014-0175 advisory. Vulnerability Insight: Updated json-c packages fix security vulnerabilities: Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using size_t if possible for sizes, or to be hardened against negative values if not. This could be used to cause a denial of service in an application linked to the json-c library (CVE-2013-6370). Florian Weimer reported that the hash function in the json-c library was weak, and that parsing smallish JSON strings showed quadratic timing behaviour. This could cause an application linked to the json-c library, and that processes some specially-crafted JSON data, to use excessive amounts of CPU (CVE-2013-6371). Affected Software/OS: 'json-c' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-6370 57791 http://secunia.com/advisories/57791 66720 http://www.securityfocus.com/bid/66720 FEDORA-2014-5006 http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html MDVSA-2014:079 http://www.mandriva.com/security/advisories?name=MDVSA-2014:079 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html https://bugzilla.redhat.com/show_bug.cgi?id=1032322 https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015 jsonc-cve20136370-bo(92540) https://exchange.xforce.ibmcloud.com/vulnerabilities/92540 Common Vulnerability Exposure (CVE) ID: CVE-2013-6371 66715 http://www.securityfocus.com/bid/66715 https://bugzilla.redhat.com/show_bug.cgi?id=1032311 jsonc-cve20136371-dos(92541) https://exchange.xforce.ibmcloud.com/vulnerabilities/92541
Copyright	Copyright (C) 2022 Greenbone AG