Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2024-0066)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2024.0066

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2024-0066)

Resumen: The remote host is missing an update for the 'yajl' package(s) announced via the MGASA-2024-0066 advisory.

Descripción: Summary:
The remote host is missing an update for the 'yajl' package(s) announced via the MGASA-2024-0066 advisory.

Vulnerability Insight:
The updated packages fix security vulnerabilities:
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is
supplied to Yajl::Parser.new.parse, the whole ruby process crashes with
a SIGABRT in the yajl_string_decode function in yajl_encode.c. This
results in the whole ruby process terminating and potentially a denial
of service. (CVE-2017-16516)
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse
function. which will cause out-of-memory in server and cause crash.
(CVE-2023-33460)

Affected Software/OS:
'yajl' package(s) on Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-16516
https://github.com/brianmario/yajl-ruby/issues/176
https://rubygems.org/gems/yajl-ruby
https://lists.debian.org/debian-lts-announce/2017/11/msg00010.html
https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00003.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-33460
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBUUHG27RM4ROEYKMVRROR27AX6R63MB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YO32YDJ74DADC7CMJNLSLBVWN5EXGF5J/
https://github.com/lloyd/yajl/issues/250
https://lists.debian.org/debian-lts-announce/2023/07/msg00000.html

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2024.0066
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2024-0066)
Resumen:	The remote host is missing an update for the 'yajl' package(s) announced via the MGASA-2024-0066 advisory.
Descripción:	Summary: The remote host is missing an update for the 'yajl' package(s) announced via the MGASA-2024-0066 advisory. Vulnerability Insight: The updated packages fix security vulnerabilities: In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. (CVE-2017-16516) There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash. (CVE-2023-33460) Affected Software/OS: 'yajl' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-16516 https://github.com/brianmario/yajl-ruby/issues/176 https://rubygems.org/gems/yajl-ruby https://lists.debian.org/debian-lts-announce/2017/11/msg00010.html https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html https://lists.debian.org/debian-lts-announce/2023/08/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2023-33460 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBUUHG27RM4ROEYKMVRROR27AX6R63MB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YO32YDJ74DADC7CMJNLSLBVWN5EXGF5J/ https://github.com/lloyd/yajl/issues/250 https://lists.debian.org/debian-lts-announce/2023/07/msg00000.html
Copyright	Copyright (C) 2024 Greenbone AG