Fedora alert FEDORA-2014-3782 (jansson)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 19 Update: jansson-2.6-1.fc19 | |
| Date: | Mon, 24 Mar 2014 06:39:10 +0000 | |
| Message-ID: | <20140324063910.675512180C@bastion01.phx2.fedoraproject.org> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-3782 2014-03-12 09:20:23 -------------------------------------------------------------------------------- Name : jansson Product : Fedora 19 Version : 2.6 Release : 1.fc19 URL : http://www.digip.org/jansson/ Summary : C library for encoding, decoding and manipulating JSON data Description : Small library for parsing and writing JSON documents. -------------------------------------------------------------------------------- Update Information: Florian Weimer of the Red Hat Product Security Team found that the hashing implementation in Jansson, a library for encoding, decoding and manipulating JSON data, was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause an application using Jansson to use an excessive amount of CPU time by sending a crafted JSON document containing a large number of parameters whose names map to the same hash value. (CVE-2013-6401) -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 13 2014 Jared Smith <jsmith@fedoraproject.org> - 2.6-1 - Update to Jansson 2.6 for CVE-2013-6401 * Sat Jan 25 2014 Jiri Pirko <jpirko@redhat.com> 2.5-1 - Update to Jansson 2.5. * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1063817 - CVE-2013-6401 jansson: hash table collisions CPU usage DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1063817 [ 2 ] Bug #1064201 - jansson-2.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1064201 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update jansson' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...