jq-1.6-12.el8_10
Errata ID: AXSA:2026-629:02
Release date:
2026/05/18 Monday - 18:27
Title:
jq-1.6-12.el8_10
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- jq has an out-of-bounds memory read issue that allows a remote attacker to disclose information and cause a denial of service. (CVE-2026-39979)
- jq has a vulnerability that allows a remote attacker to cause a denial of service via a crafted JSON object. (CVE-2026-40164)
Solution:
Update the packages.
CVE:
CVE-2026-39979
jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt(), which reads until a NUL terminator is found rather than respecting the caller-supplied length. This means that when malformed JSON is passed in a non-NUL-terminated buffer, the error construction logic performs an out-of-bounds read past the end of the buffer. The vulnerability is reachable by any libjq consumer calling jv_parse_sized() with untrusted input, and depending on memory layout, can result in memory disclosure or process termination. The issue has been patched in commit 2f09060afab23fe9390cce7cb860b10416e1bf5f.
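The defect class described for CVE-2026-39979 is a counted buffer handed to a "%s" conversion, which stops at a NUL byte rather than at the caller-supplied length. The following added example is not jq's code and does not reproduce jv_parse_sized() or jv_string_fmt(); it is a stand-alone illustration with constructed buffers. parse_error_unsafe() shows the pattern that over-reads, and parse_error_safe() shows the hardened form using the "%.*s" precision argument so the message can never contain more than `len` bytes of the input. The arena is deliberately larger than the counted input and NUL-terminated at its end so the demonstration itself stays in bounds.

```c
/* Added example, not jq's code: a counted-buffer error formatter done two ways.
 * All buffers and values below are constructed for the demonstration. */
#include <stdio.h>
#include <string.h>

#define MSG_SIZE 128

/* Defective pattern: a length is accepted but "%s" ignores it and reads on
 * until the first NUL byte, which may lie well past the caller's buffer. */
int parse_error_unsafe(char *out, size_t outsz, const char *buf, size_t len) {
    (void)len; /* ignored; this is the bug class the advisory describes */
    return snprintf(out, outsz, "parse error near '%s'", buf);
}

/* Hardened pattern: "%.*s" caps the copied input at exactly `len` bytes. */
int parse_error_safe(char *out, size_t outsz, const char *buf, size_t len) {
    return snprintf(out, outsz, "parse error near '%.*s'", (int)len, buf);
}

/* Returns 1 if the formatted message contains bytes that lie beyond the
 * caller-supplied length, i.e. the formatter over-read the input. */
int message_leaks_past_length(int (*fmt)(char *, size_t, const char *, size_t)) {
    /* Constructed arena: a 4-byte counted input ("{bad") with no NUL after it,
     * followed by "adjacent" memory the caller never meant to expose. The
     * arena as a whole is NUL-terminated so this stays within bounds. */
    static const char arena[] = "{bad" "SECRET-ADJACENT-DATA";
    char msg[MSG_SIZE];
    fmt(msg, sizeof msg, arena, 4);
    return strstr(msg, "SECRET") != NULL;
}

/* Returns 1 if the hardened formatter reproduces exactly `len` input bytes
 * and nothing that follows them. */
int safe_message_is_exact(void) {
    char msg[MSG_SIZE];
    parse_error_safe(msg, sizeof msg, "{bad" "TRAILING", 4);
    return strcmp(msg, "parse error near '{bad'") == 0;
}

int main(void) {
    printf("unsafe formatter leaks past length: %d\n",
           message_leaks_past_length(parse_error_unsafe));
    printf("safe formatter leaks past length:   %d\n",
           message_leaks_past_length(parse_error_safe));
    printf("safe formatter output exact:        %d\n", safe_message_is_exact());
    return 0;
}
```

When reviewing a library that exposes a sized-input API, the check is mechanical: every diagnostic or log path that reaches a printf-family function with the input buffer must carry the length through ("%.*s" or a bounded copy), because the buffer contract never promised a terminator.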
CVE-2026-40164
jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSON object (~100 KB) where all keys hashed to the same bucket, hash table lookups degraded from O(1) to O(n), turning any jq expression into an O(n²) operation and causing significant CPU exhaustion. This affected common jq use cases such as CI/CD pipelines, web services, and data processing scripts, and was far more practical to exploit than existing heap overflow issues since it required only a small payload. This issue has been patched in commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784.
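CVE-2026-40164 hinges on a hash seed that is fixed and public, so bucket placement for any key set can be computed in advance. The standard mitigation class is to derive the seed per process from the OS random source, so that placement is unknowable before the process starts. The following added example is not jq's code and does not claim to be the fix landed in the referenced commit; it uses a seeded FNV-1a variant (chosen for brevity; jq's own function is MurmurHash3) with constructed keys, a 64-bucket table size and a /dev/urandom read that are assumptions of this example. Every step of the hash is a bijection on the 32-bit state for a fixed key, so two different seeds always place the same key differently, which is what defeats offline precomputation.

```c
/* Added example, not jq's code: per-process hash seeding as a mitigation for
 * precomputed key collisions. Hash function, bucket count and key set are
 * constructed for this demonstration. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define NBUCKETS 64

/* Seeded FNV-1a with a short avalanche tail. The seed perturbs the starting
 * state, so bucket placement depends on a value chosen at process start. */
uint32_t hash_seeded(const char *key, size_t len, uint32_t seed) {
    uint32_t h = 2166136261u ^ seed;
    for (size_t i = 0; i < len; i++) {
        h ^= (unsigned char)key[i];
        h *= 16777619u;
    }
    h ^= h >> 16;        /* mix high bits down so small tables see them */
    h *= 0x85ebca6bu;
    h ^= h >> 13;
    return h;
}

/* Per-process seed. The primary source is the OS CSPRNG via /dev/urandom
 * (getrandom(2) or BCryptGenRandom are equivalent on other platforms). The
 * fallback only keeps the example runnable where that path is unavailable;
 * a production implementation should fail closed instead. */
uint32_t pick_process_seed(void) {
    uint32_t seed = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f != NULL) {
        size_t got = fread(&seed, sizeof seed, 1, f);
        fclose(f);
        if (got == 1 && seed != 0) return seed;
    }
    seed = (uint32_t)time(NULL) ^ (uint32_t)(uintptr_t)&seed;
    return seed ? seed : 1u;
}

/* Bucket index of a NUL-terminated key under a given seed. */
size_t bucket_for(const char *key, uint32_t seed) {
    return hash_seeded(key, strlen(key), seed) % NBUCKETS;
}

/* Largest number of keys sharing one bucket. With a fixed public seed an
 * attacker can drive this to n; with a per-process seed they cannot know
 * in advance which keys collide, and a defender can monitor this value. */
size_t max_bucket_load(const char *const *keys, size_t n, uint32_t seed) {
    size_t load[NBUCKETS] = {0};
    size_t worst = 0;
    for (size_t i = 0; i < n; i++) {
        size_t b = bucket_for(keys[i], seed);
        if (++load[b] > worst) worst = load[b];
    }
    return worst;
}

/* Constructed object keys, standing in for the members of a parsed JSON object. */
static const char *const demo_keys[] = {
    "id", "name", "email", "created", "updated", "tags", "owner", "status"
};
#define DEMO_N (sizeof demo_keys / sizeof demo_keys[0])

size_t demo_max_load(uint32_t seed) {
    return max_bucket_load(demo_keys, DEMO_N, seed);
}

int main(void) {
    uint32_t seed = pick_process_seed();
    printf("process seed: 0x%08x\n", seed);
    printf("max bucket load this run: %zu of %zu keys\n", demo_max_load(seed), DEMO_N);
    printf("key 'id' -> bucket %zu (this run), %zu (seed 1), %zu (seed 2)\n",
           bucket_for("id", seed), bucket_for("id", 1u), bucket_for("id", 2u));
    return 0;
}
```

The operational point for anyone running jq in a service or CI context is the same one the advisory makes: the table degrades to O(n) per lookup only when every key lands in one bucket, and that is achievable offline only while the seed is constant and known. Tracking the worst-case bucket load on untrusted input, as max_bucket_load() does here, gives a cheap signal that a collision set is being fed in.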
Additional information:
N/A
Downloads:
SRPMS
- jq-1.6-12.el8_10.src.rpm
MD5: 898c9441f8b57d43d174b95242080529
SHA-256: c5c81dd70ae7c2a437e04e57910bb8d3f01ad2ba728bb97709108c8d1df5fc17
Size: 1.44 MB
Asianux Server 8 for x86_64
- jq-1.6-12.el8_10.i686.rpm
MD5: 3dad0aa4459f486d2bd72b1ff805c0a4
SHA-256: 78c768347d098d199a5e219fe7095e6d2f5240a9280665e54a90ada6a2c731c6
Size: 237.02 kB
- jq-1.6-12.el8_10.x86_64.rpm
MD5: e1bc3d82a40e88335eee129ae8a01124
SHA-256: b78f2f48766503e75fc37523c55cb887f0743c369a4c4fefa902abf2178b76d9
Size: 202.96 kB
- jq-devel-1.6-12.el8_10.i686.rpm
MD5: fd810c777dd92674de9b9b853daf7044
SHA-256: 79e3ccc61c08acdffb55fc37402091b9f67525900db99430b1421732e94cdeca
Size: 13.23 kB
- jq-devel-1.6-12.el8_10.x86_64.rpm
MD5: c4edcad8538daa5221b676001adb1af9
SHA-256: 4bae9acb1e2a3c619d9e7cd9fc44042c0fed4ffd67aa724b2cda75c3714a30bf
Size: 13.20 kB