Ubuntu alert USN-7125-1 (rapidjson)
From: Octavio Galland <octavio.galland@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: RapidJSON vulnerability
Date: Mon, 25 Nov 2024 15:59:31 -0300
Message-ID: <bb27ea9b-f750-4fc1-9e7b-345f1b1b0565@canonical.com>

==========================================================================
Ubuntu Security Notice USN-7125-1
November 25, 2024

rapidjson vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

RapidJSON could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- rapidjson: A fast JSON parser/generator for C++

Details:

It was discovered that RapidJSON incorrectly parsed numbers written in
scientific notation, leading to an integer underflow. An attacker could
possibly use this issue to cause a denial of service, or execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  rapidjson-dev                   1.1.0+dfsg2-7.3ubuntu0.1

Ubuntu 24.04 LTS
  rapidjson-dev                   1.1.0+dfsg2-7.2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  rapidjson-dev                   1.1.0+dfsg2-7ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  rapidjson-dev                   1.1.0+dfsg2-5ubuntu1+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  rapidjson-dev                   1.1.0+dfsg2-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  rapidjson-dev                   0.12~git20141031-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7125-1
  CVE-2024-38517

Package Information:
  https://launchpad.net/ubuntu/+source/rapidjson/1.1.0+dfsg...
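An added example, not part of the Ubuntu notice: a Python check that flags hosts whose installed rapidjson-dev is older than the fixed version the notice lists for their release. The Debian version ordering is reimplemented here so the check runs without dpkg; the host names and installed versions in SAMPLE are constructed.

```python
import re

# Fixed rapidjson-dev versions per Ubuntu release, copied from USN-7125-1.
FIXED = {
    "24.10": "1.1.0+dfsg2-7.3ubuntu0.1",
    "24.04": "1.1.0+dfsg2-7.2ubuntu0.1~esm1",
    "22.04": "1.1.0+dfsg2-7ubuntu0.1~esm1",
    "20.04": "1.1.0+dfsg2-5ubuntu1+esm1",
    "18.04": "1.1.0+dfsg2-3ubuntu0.1~esm1",
    "16.04": "0.12~git20141031-3ubuntu0.1~esm1",
}

def _order(c):
    # Debian ordering: '~' sorts before end-of-run (0), letters before other symbols.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _key(part):
    # Alternating (non-digit run, number) pairs; 0 terminates each non-digit run.
    pairs = re.findall(r"([^0-9]*)([0-9]*)", part)
    return [([_order(c) for c in s] + [0], int(n or 0)) for s, n in pairs]

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch or revision counts as 0.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "0")
    return int(epoch), _key(upstream), _key(rev)

def deb_cmp(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    ka, kb = _split(a), _split(b)
    return (ka > kb) - (ka < kb)

def audit(inventory):
    """Return hosts whose version is older than the fixed one for their release."""
    return [h for h, rel, ver in inventory
            if rel in FIXED and deb_cmp(ver, FIXED[rel]) < 0]

# Constructed sample inventory: (host, Ubuntu release, installed rapidjson-dev).
SAMPLE = [
    ("web-01", "24.10", "1.1.0+dfsg2-7.3"),
    ("build-02", "22.04", "1.1.0+dfsg2-7ubuntu0.1~esm1"),
    ("ci-03", "20.04", "1.1.0+dfsg2-5ubuntu1"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In Debian ordering `~` sorts before the end of the string, so a version ending in `~esm1` compares lower than the same string without the suffix; plain string comparison gets this wrong.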
