yajl-2.1.0-12.el8

エラータID: AXSA:2023-7129:02

Release date: 
Friday, December 22, 2023 - 12:15
Subject: 
yajl-2.1.0-12.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Yet Another JSON Library (YAJL) is a small event-driven (SAX-style) JSON parser written in ANSI C, and a small validating JSON generator.

Security Fix(es):

* yajl: Memory leak in yajl_tree_parse function (CVE-2023-33460)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.9 Release Notes linked from the References section.

CVE-2023-33460
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.

Solution: 

Update packages.

CVEs: 
CVE-2023-33460
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.
Additional Info: 

N/A

Download: 

SRPMS
  1. yajl-2.1.0-12.el8.src.rpm
    MD5: 15f2e13d611055b63ae5b3f4b08edccd
    SHA-256: 01711a5dd500c9d10031c0dddac2f96e5b4e4c6b7aae5c47508e2fd0c9af737a
    Size: 97.49 kB

Asianux Server 8 for x86_64
  1. yajl-2.1.0-12.el8.i686.rpm
    MD5: fa6960c8c6d323a932e5e8d143806a80
    SHA-256: f8865c93b088ee2935338e84c0498f5a5ef080e8a2edbfebafd34d50b8bf542a
    Size: 40.63 kB
  2. yajl-2.1.0-12.el8.x86_64.rpm
    MD5: d46989e9cbad905cb758996db8b057e2
    SHA-256: 76e45a19ec3aef05cd335daf50f17d61ee5e82622dfea6a15c425576f6b98586
    Size: 39.71 kB
  3. yajl-devel-2.1.0-12.el8.i686.rpm
    MD5: 1a123b65b2eb878fd0be08fb5fe7dd6d
    SHA-256: 8452ed6393113dcff454e7f135799e51df3fc510c5b98af1338cf75ed5073d32
    Size: 17.98 kB
  4. yajl-devel-2.1.0-12.el8.x86_64.rpm
    MD5: 0dc82cd62c4976c1b781b514ed881094
    SHA-256: 6f24e9ed692cefccc18133141094888832ac265c4c7ae6ef99efb03e111fc7e3
    Size: 17.96 kB