
Test ID: 1.3.6.1.4.1.25623.1.0.871185
Category: Red Hat Local Security Checks
Title: RedHat Update for json-c RHSA-2014:0703-01
Summary: The remote host is missing an update for the 'json-c' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'json-c'
package(s) announced via the referenced advisory.

Vulnerability Insight:
JSON-C implements a reference counting object model that allows you to
easily construct JSON objects in C, output them as JSON-formatted strings,
and parse JSON-formatted strings back into the C representation of
JSON objects.

Multiple buffer overflow flaws were found in the way the json-c library
handled long strings in JSON documents. An attacker able to make an
application using json-c parse excessively large JSON input could cause the
application to crash. (CVE-2013-6370)

A denial of service flaw was found in the implementation of hash arrays in
json-c. An attacker could use this flaw to make an application using json-c
consume an excessive amount of CPU time by providing a specially crafted
JSON document that triggers multiple hash function collisions. To mitigate
this issue, json-c now uses a different hash function and randomization to
reduce the chance of an attacker successfully causing intentional
collisions. (CVE-2013-6371)

These issues were discovered by Florian Weimer of the Red Hat Product
Security Team.

All json-c users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Affected Software/OS:
json-c on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please install the updated packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross Reference:

Common Vulnerability Exposure (CVE) ID: CVE-2013-6370
57791: http://secunia.com/advisories/57791
66720: http://www.securityfocus.com/bid/66720
FEDORA-2014-5006: http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html
MDVSA-2014:079: http://www.mandriva.com/security/advisories?name=MDVSA-2014:079
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://bugzilla.redhat.com/show_bug.cgi?id=1032322
https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
jsonc-cve20136370-bo(92540): https://exchange.xforce.ibmcloud.com/vulnerabilities/92540

Common Vulnerability Exposure (CVE) ID: CVE-2013-6371
66715: http://www.securityfocus.com/bid/66715
https://bugzilla.redhat.com/show_bug.cgi?id=1032311
jsonc-cve20136371-dos(92541): https://exchange.xforce.ibmcloud.com/vulnerabilities/92541
Copyright: Copyright (C) 2014 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.