UbuntuUpdates.org

Package "yajl"

Name: yajl

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • Yet Another JSON Library - tools

Latest version: 2.1.0-3ubuntu0.20.04.1
Release: focal (20.04)
Level: security
Repository: universe

Other versions of "yajl" in Focal

Repository  Area      Version
base        universe  2.1.0-3
base        main      2.1.0-3
security    main      2.1.0-3ubuntu0.20.04.1
updates     main      2.1.0-3ubuntu0.20.04.1
updates     universe  2.1.0-3ubuntu0.20.04.1


Changelog

Version: 2.1.0-3ubuntu0.20.04.1 2023-12-14 17:07:02 UTC

  yajl (2.1.0-3ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: buffer overread in yajl_string_decode function
    - debian/patches/CVE-2017-16516.patch: don't advance our end pointer until
      we've checked we have enough buffer left and that the unicode escape is
      approaching.
    - CVE-2017-16516
  * SECURITY UPDATE: integer overflow leading to heap memory corruption when
    processing large (~2GB) inputs
    - debian/patches/CVE-2022-24795.patch: catch integer overflow and
      terminate the process with abort().
    - CVE-2022-24795
  * SECURITY UPDATE: memory leak in yajl_tree_parse function
    - debian/patches/CVE-2023-33460.patch: fix memory leak problems by
      releasing requested memory in time.
    - CVE-2023-33460

 -- Fabian Toepfer <email address hidden> Thu, 14 Dec 2023 14:06:36 +0100

CVE-2017-16516 In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in
CVE-2022-24795 yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow whi
CVE-2023-33460 There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function, which will cause out-of-memory in server and cause crash.


