jq-1.6-11.el8_10

エラータID: AXSA:2025-10436:01

リリース日: 
2025/07/11 Friday - 14:42
題名: 
jq-1.6-11.el8_10
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text.

Security Fix(es):

* jq: jq has signed integer overflow in jv.c:jvp_array_write (CVE-2024-23337)
* jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt) (CVE-2025-48060)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-23337
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.
CVE-2025-48060
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.

解決策: 

Update packages.

CVE: 
CVE-2024-23337
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.
CVE-2025-48060
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. jq-1.6-11.el8_10.src.rpm
    MD5: 6e75c3287d6376b4fd20696f2da68a59
    SHA-256: 4a5bbbbd6d2b7c02dfe4adadcd6a7e54887d3f073b16acd4adad3f66ddb0b15f
    Size: 1.44 MB

Asianux Server 8 for x86_64
  1. jq-1.6-11.el8_10.i686.rpm
    MD5: 67ee556c988b0f609f0f5015e4074e95
    SHA-256: 8bb4480ba123f2c971a9026c783b2f0db490880ce2aac4655582b25768e29978
    Size: 236.79 kB
  2. jq-1.6-11.el8_10.x86_64.rpm
    MD5: 94bb46627ccff82d5e56822860de16da
    SHA-256: 7ee05fc7e5241cef2c7e4060f78eac49f5c639be40fae57c0cd754f194e95c0a
    Size: 202.56 kB
  3. jq-devel-1.6-11.el8_10.i686.rpm
    MD5: 170a12e53e532e524a8a783b2d59c11f
    SHA-256: 82b7340e316d7919ae77ae69262aa40d5c567ecacda06afb61f80bd441f83cb7
    Size: 12.99 kB
  4. jq-devel-1.6-11.el8_10.x86_64.rpm
    MD5: 4c6a0fee89cf666e24570b58c2d15352
    SHA-256: 761a591de5677be95c164aa2fa7a2ed4a9cf913802eeeb8216f93e82149efbd7
    Size: 12.96 kB