exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-6233-2

Ubuntu Security Notice USN-6233-2
Posted Dec 15, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6233-2 - USN-6233-1 fixed vulnerabilities in YAJL. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service .

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-16516, CVE-2022-24795, CVE-2023-33460
SHA-256 | 1a79b120418384147adf55646f48f838ca04a6cd9e3d760d119309f406d0434a

Ubuntu Security Notice USN-6233-2

Change Mirror Download
==========================================================================
Ubuntu Security Notice USN-6233-2
December 14, 2023

yajl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in YAJL.

Software Description:
- yajl: Yet Another JSON Library

Details:

USN-6233-1 fixed vulnerabilities in YAJL. This update provides the
corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu
23.04.

Original advisory details:

It was discovered that YAJL was not properly performing bounds checks when
decoding a string with escape sequences. If a user or automated system
using YAJL were tricked into processing specially crafted input, an
attacker could possibly use this issue to cause a denial of service
(application abort). (CVE-2017-16516)

It was discovered that YAJL was not properly handling memory allocation
when dealing with large inputs, which could lead to heap memory
corruption. If a user or automated system using YAJL were tricked into
running a specially crafted large input, an attacker could possibly use
this issue to cause a denial of service. (CVE-2022-24795)

It was discovered that memory leaks existed in one of the YAJL parsing
functions. An attacker could possibly use this issue to cause a denial of
service (memory exhaustion). (CVE-2023-33460)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
libyajl2 2.1.0-3ubuntu0.23.04.1

Ubuntu 22.04 LTS:
libyajl2 2.1.0-3ubuntu0.22.04.1

Ubuntu 20.04 LTS:
libyajl2 2.1.0-3ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6233-2
https://ubuntu.com/security/notices/USN-6233-1
CVE-2017-16516, CVE-2022-24795, CVE-2023-33460

Package Information:
https://launchpad.net/ubuntu/+source/yajl/2.1.0-3ubuntu0.23.04.1
https://launchpad.net/ubuntu/+source/yajl/2.1.0-3ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/yajl/2.1.0-3ubuntu0.20.04.1

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close