Mageia alert MGASA-2026-0073 (python-ujson) [LWN.net]


From:
               Mageia Updates <updates-announce@ml.mageia.org>
To:
               updates-announce@ml.mageia.org
Subject:
               [updates-announce] MGASA-2026-0073: Updated python-ujson packages fix security vulnerabilities
Date:
               Sun, 29 Mar 2026 01:55:49 +0100
Message-ID:
               <20260329005549.AB8359F9CD@duvel.mageia.org>
Archive-link:
               Article
MGASA-2026-0073 - Updated python-ujson packages fix security vulnerabilities

Publication date: 29 Mar 2026
URL: https://advisories.mageia.org/MGASA-2026-0073.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-32874,
     CVE-2026-32875

Description:
CVE-2026-32874 ujson 5.4.0 to 5.11.0 inclusive contains an accumulating
memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1])
integers.
ujson 5.4.0 to 5.11.0 has an integer overflow while handling a large indent
which leads to a buffer overflow or infinite loop.

References:
- https://bugs.mageia.org/show_bug.cgi?id=35258
- https://github.com/ultrajson/ultrajson/security/advisorie...
-
https://lists.fedoraproject.org/archives/list/package-ann...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3...

SRPMS:
- 9/core/python-ujson-5.7.0-1.1.mga9

From:		Mageia Updates <updates-announce@ml.mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2026-0073: Updated python-ujson packages fix security vulnerabilities
Date:		Sun, 29 Mar 2026 01:55:49 +0100
Message-ID:		<20260329005549.AB8359F9CD@duvel.mageia.org>
Archive-link:		Article