jq-1.6-19.el9_8.2
エラータID: AXSA:2026-1020:03
リリース日:
2026/06/29 Monday - 13:16
題名:
jq-1.6-19.el9_8.2
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- jq には、メモリ領域の範囲外読み取りの問題があるため、リモート
の攻撃者により、情報の漏洩、およびサービス拒否攻撃を可能とする
脆弱性が存在します。(CVE-2026-39979)
- jq には、リモートの攻撃者により、巧妙に細工された JSON
オブジェクトを介して、サービス拒否攻撃を可能とする脆弱性が
存在します。(CVE-2026-40164)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-39979
jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt(), which reads until a NUL terminator is found rather than respecting the caller-supplied length. This means that when malformed JSON is passed in a non-NUL-terminated buffer, the error construction logic performs an out-of-bounds read past the end of the buffer. The vulnerability is reachable by any libjq consumer calling jv_parse_sized() with untrusted input, and depending on memory layout, can result in memory disclosure or process termination. The issue has been patched in commit 2f09060afab23fe9390cce7cb860b10416e1bf5f.
jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt(), which reads until a NUL terminator is found rather than respecting the caller-supplied length. This means that when malformed JSON is passed in a non-NUL-terminated buffer, the error construction logic performs an out-of-bounds read past the end of the buffer. The vulnerability is reachable by any libjq consumer calling jv_parse_sized() with untrusted input, and depending on memory layout, can result in memory disclosure or process termination. The issue has been patched in commit 2f09060afab23fe9390cce7cb860b10416e1bf5f.
CVE-2026-40164
jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSON object (~100 KB) where all keys hashed to the same bucket, hash table lookups degraded from O(1) to O(n), turning any jq expression into an O(n²) operation and causing significant CPU exhaustion. This affected common jq use cases such as CI/CD pipelines, web services, and data processing scripts, and was far more practical to exploit than existing heap overflow issues since it required only a small payload. This issue has been patched in commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784.
jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSON object (~100 KB) where all keys hashed to the same bucket, hash table lookups degraded from O(1) to O(n), turning any jq expression into an O(n²) operation and causing significant CPU exhaustion. This affected common jq use cases such as CI/CD pipelines, web services, and data processing scripts, and was far more practical to exploit than existing heap overflow issues since it required only a small payload. This issue has been patched in commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784.
追加情報:
N/A
ダウンロード:
SRPMS
- jq-1.6-19.el9_8.2.src.rpm
MD5: e2f0f97cc8c806f00a0657180ddea0a2
SHA-256: e1d76c8d6235530fb35a9b63ce1684b18b272c9fbd747a16eefe960aa1324146
Size: 1.44 MB
Asianux Server 9 for x86_64
- jq-1.6-19.el9_8.2.i686.rpm
MD5: b8518dffb81db3edc9ac402814551d83
SHA-256: e33cff76cafa3cac437a6b060e3cc1d47acda6aeccce0b082f8b062c42cd2d6c
Size: 212.83 kB - jq-1.6-19.el9_8.2.x86_64.rpm
MD5: 89bdf7c2d224d5551f27040ab508f0aa
SHA-256: 82961de8ff8f1fe7cc237f581b021e7a98464857424ea4e1c59401c55d825402
Size: 186.44 kB - jq-devel-1.6-19.el9_8.2.i686.rpm
MD5: 097d861fa160c5991aef3192b5e45d1d
SHA-256: f5879f6fd511a07760355321cca2ed7ddfecfb5de32bb902de2072e0943d6eb9
Size: 10.57 kB - jq-devel-1.6-19.el9_8.2.x86_64.rpm
MD5: 0a1d2e6c54fa675521841fde797e5824
SHA-256: 28cfdc5fb2587fbe0c8f453f5a26da5de18a235daf65f7fb965fc2d0cc42db07
Size: 10.56 kB