yajl-2.1.0-22.el9

エラータID: AXSA:2023-6753:01

Release date: 
Thursday, December 7, 2023 - 13:13
Subject: 
yajl-2.1.0-22.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Yet Another JSON Library (YAJL) is a small event-driven (SAX-style) JSON parser written in ANSI C, and a small validating JSON generator.

Security Fix(es):

* yajl: Memory leak in yajl_tree_parse function (CVE-2023-33460)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.3 Release Notes linked from the References section.

CVE-2023-33460
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. yajl-2.1.0-22.el9.src.rpm
    MD5: d6b03b303b727669bc1f7bbba6df9776
    SHA-256: 10ef039d27a7c3d1b290c38db089827ce487cd93a295ce13c70e0440c8528bdb
    Size: 95.85 kB

Asianux Server 9 for x86_64
  1. yajl-2.1.0-22.el9.i686.rpm
    MD5: 51b457d0e32a26c7d92ed10ad5f3c213
    SHA-256: 22e5f1e0bcea164bb842ed64465346942d6f45323e77504f217ee2d05f9511a6
    Size: 37.62 kB
  2. yajl-2.1.0-22.el9.x86_64.rpm
    MD5: 8aa40d1985d4ddcc0ce4ba2e1cf6af8f
    SHA-256: f2e392135c3c9189a2f38de7a18cc498bb5ff10cfd4da385ae22d41810a83255
    Size: 36.63 kB
  3. yajl-devel-2.1.0-22.el9.i686.rpm
    MD5: b730740f2eebf2880e266c52bdaf3fb4
    SHA-256: 009e4033c8aafa380b4096278f90f1739b427334fd7a982077045686859aec3b
    Size: 15.61 kB
  4. yajl-devel-2.1.0-22.el9.x86_64.rpm
    MD5: 44f47bcaff1140bf16a099fe7549ea83
    SHA-256: 72856204cc0874d40ba92513993b6f705f33b170f5f98a63bf4e3acd95d73d37
    Size: 15.59 kB