Advisories ยป MGASA-2016-0198

Updated jansson packages fix CVE-2016-4425

Publication date: 21 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-4425

Description

Updated jansson packages fix security vulnerability:

Gustavo Grieco discovered that jansson did not limit the recursion depth when
parsing JSON arrays and objects. This could allow remote attackers to cause a
denial of service (crash) via stack exhaustion, using crafted JSON data
(CVE-2016-4425).
                

References

SRPMS

5/core