jq-1.6-19.el9_7.0.2
Errata ID: AXSA:2026-614:01
Release date:
2026/05/14 Thursday - 22:58
Title:
jq-1.6-19.el9_7.0.2
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The following items have been addressed.
[Security Fix]
- jq contains an out-of-bounds memory read that allows a remote attacker to disclose information and cause a denial of service. (CVE-2026-39979)
- jq contains a vulnerability that allows a remote attacker to cause a denial of service via a crafted JSON object. (CVE-2026-40164)
Solution:
Update the packages.
CVE:
CVE-2026-39979
jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt(), which reads until a NUL terminator is found rather than respecting the caller-supplied length. This means that when malformed JSON is passed in a non-NUL-terminated buffer, the error construction logic performs an out-of-bounds read past the end of the buffer. The vulnerability is reachable by any libjq consumer calling jv_parse_sized() with untrusted input, and depending on memory layout, can result in memory disclosure or process termination. The issue has been patched in commit 2f09060afab23fe9390cce7cb860b10416e1bf5f.
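The bug class behind CVE-2026-39979 is easy to reproduce in miniature. The following is an added illustration written for this errata, not jq's own code: a hypothetical error-path formatter that receives a counted buffer and a length, first with the "%s" pattern that ignores the length, then with the "%.*s" pattern that caps the read at the caller-supplied length. The backing buffer, the function names and the "SECRET" marker are constructed for the demo; the marker stands in for whatever unrelated memory follows the counted bytes.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Vulnerable pattern (hypothetical stand-in for a counted-buffer parser's
 * error path): "%s" ignores len and keeps reading until a NUL byte appears. */
size_t format_error_unsafe(char *out, size_t outsz, const char *buf, size_t len)
{
    (void)len;  /* the length is accepted but never used */
    return (size_t)snprintf(out, outsz, "parse error near '%s'", buf);
}

/* Hardened pattern: "%.*s" prints at most len bytes, so the read never
 * leaves the range the caller vouched for. */
size_t format_error_safe(char *out, size_t outsz, const char *buf, size_t len)
{
    return (size_t)snprintf(out, outsz, "parse error near '%.*s'", (int)len, buf);
}

/* Constructed demo input: the caller hands over the first 5 bytes of this
 * array ({"a": with a missing value), and the 6 bytes after them are data
 * that must never be echoed into an error message. The array is
 * NUL-terminated only so the unsafe call stays within valid memory here;
 * with a buffer that has no NUL at all, the same "%s" reads past its end. */
static const char backing[] = "{\"a\":SECRET";  /* 11 bytes + NUL */

size_t demo_unsafe_len(void)
{
    char out[64];
    format_error_unsafe(out, sizeof out, backing, 5);
    return strlen(out);  /* 18 prefix chars + 11 + closing quote = 30 */
}

size_t demo_safe_len(void)
{
    char out[64];
    format_error_safe(out, sizeof out, backing, 5);
    return strlen(out);  /* 18 prefix chars + 5 + closing quote = 24 */
}

/* 1 if the marker leaked into the message, 0 otherwise. */
int demo_unsafe_leaks_marker(void)
{
    char out[64];
    format_error_unsafe(out, sizeof out, backing, 5);
    return strstr(out, "SECRET") != NULL;
}

int demo_safe_leaks_marker(void)
{
    char out[64];
    format_error_safe(out, sizeof out, backing, 5);
    return strstr(out, "SECRET") != NULL;
}

int main(void)
{
    char out[64];
    format_error_unsafe(out, sizeof out, backing, 5);
    printf("unsafe: %s\n", out);
    format_error_safe(out, sizeof out, backing, 5);
    printf("safe:   %s\n", out);
    return 0;
}
```

The review rule this encodes: whenever an API takes an explicit length, every consumer of that buffer, error paths included, must honour it; a "%s" (or strlen, strcpy, strdup) on such a buffer is the defect to look for in code audits and in compiler or sanitizer output.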
CVE-2026-40164
jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSON object (~100 KB) where all keys hashed to the same bucket, hash table lookups degraded from O(1) to O(n), turning any jq expression into an O(n²) operation and causing significant CPU exhaustion. This affected common jq use cases such as CI/CD pipelines, web services, and data processing scripts, and was far more practical to exploit than existing heap overflow issues since it required only a small payload. This issue has been patched in commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784.
Additional information:
N/A
Downloads:
SRPMS
- jq-1.6-19.el9_7.0.2.src.rpm
MD5: 935d234a8a472a9e65d8516538bef303
SHA-256: 492b57978b53d773eedf0132c4476c6a1f19d0695598faa90b3d0e73a59de430
Size: 1.44 MB
Asianux Server 9 for x86_64
- jq-1.6-19.el9_7.0.2.i686.rpm
MD5: 9c31aab164fac02ac5f18b5e8ad2f782
SHA-256: 8a52317d44a3fb1e8f1e78ea28b5fe8b80c37fe6f53dacb2e27e64d1039e811b
Size: 212.80 kB
- jq-1.6-19.el9_7.0.2.x86_64.rpm
MD5: 48810af0b4779ab21706af451c5698ae
SHA-256: 3d136b78b9ec593757dbe74eeaecf9c514a63664dcf5d1f518904202843ed9ab
Size: 186.44 kB
- jq-devel-1.6-19.el9_7.0.2.i686.rpm
MD5: c07e416dfea7f64924caa1b7b5b219f3
SHA-256: 00e9b4a11ead2b3ecd046e9e54a5aa0d6c56d4c7b5b078c3f561ce4af80c72c5
Size: 10.58 kB
- jq-devel-1.6-19.el9_7.0.2.x86_64.rpm
MD5: 0ff38200721d92a54ec6bd1745d4627f
SHA-256: 9cda90b59bc6219f9675b81472627c4b946203f9204bf9dc105beb50f770d3a6
Size: 10.57 kB