libfastjson-0.99.9-2.el8

エラータID: AXSA:2023-7094:02

Release date: 
Friday, December 22, 2023 - 08:53
Subject: 
libfastjson-0.99.9-2.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The libfastjson library provides essential JavaScript Object Notation (JSON) handling functions. The library enables users to construct JSON objects in C, output them as JSON-formatted strings, and convert JSON-formatted strings back to the C representation of JSON objects.

Security Fix(es):

* json-c, libfastjson: integer overflow and out-of-bounds write via a large JSON file (CVE-2020-12762)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.9 Release Notes linked from the References section.

CVE-2020-12762
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Solution: 

Update packages.

CVEs: 
CVE-2020-12762
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
Additional Info: 

N/A

Download: 

SRPMS
  1. libfastjson-0.99.9-2.el8.src.rpm
    MD5: a7dc465b287171d488e6adb95e5a4c2f
    SHA-256: 6f0d329914f7c4dc6a55da0d62f0ea07848633dd3c873f3bc3d35e93c8bb4703
    Size: 435.95 kB

Asianux Server 8 for x86_64
  1. libfastjson-0.99.9-2.el8.i686.rpm
    MD5: 7580358c5e3954c83cac06702541228e
    SHA-256: eeb8e57145bb221ddca0fc010d4b2827614fd1db1b1f5df6aaab3dc191a252ec
    Size: 38.77 kB
  2. libfastjson-0.99.9-2.el8.x86_64.rpm
    MD5: ea8eeb255a1cbc5adc467b26543df9aa
    SHA-256: e860b98a12d71762a74eb16f6ae0e15aa900f58c1a076638659a6d479b0a79cd
    Size: 36.62 kB