
Test ID: 1.3.6.1.4.1.25623.1.1.10.2014.0175
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2014-0175)
Summary: The remote host is missing an update for the 'json-c' package(s) announced via the MGASA-2014-0175 advisory.
Description:

Vulnerability Insight:
Updated json-c packages fix security vulnerabilities:

Florian Weimer reported that the printbuf APIs in the json-c library used
ints for counting buffer lengths, which is inappropriate for 32-bit
architectures. These functions need to be changed to use size_t for sizes
where possible, or to be hardened against negative values where not. This
could be used to cause a denial of service in an application linked to the
json-c library (CVE-2013-6370).

Florian Weimer reported that the hash function in the json-c library was weak,
and that parsing smallish JSON strings showed quadratic timing behaviour.
This could cause an application that is linked to the json-c library and
processes specially crafted JSON data to use excessive amounts of CPU
(CVE-2013-6371).

Affected Software/OS:
'json-c' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross Reference:

Common Vulnerability Exposure (CVE) ID: CVE-2013-6370
57791: http://secunia.com/advisories/57791
66720: http://www.securityfocus.com/bid/66720
FEDORA-2014-5006: http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html
MDVSA-2014:079: http://www.mandriva.com/security/advisories?name=MDVSA-2014:079
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://bugzilla.redhat.com/show_bug.cgi?id=1032322
https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
jsonc-cve20136370-bo(92540): https://exchange.xforce.ibmcloud.com/vulnerabilities/92540

Common Vulnerability Exposure (CVE) ID: CVE-2013-6371
66715: http://www.securityfocus.com/bid/66715
https://bugzilla.redhat.com/show_bug.cgi?id=1032311
jsonc-cve20136371-dos(92541): https://exchange.xforce.ibmcloud.com/vulnerabilities/92541

Copyright: Copyright (C) 2022 Greenbone AG
