Advisories ยป MGASA-2017-0415

Updated jq packages fix security vulnerabilities

Publication date: 19 Nov 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2015-8863 , CVE-2016-4074

Description

A heap-based buffer overflow flaw was found in jq's tokenadd() function.
By tricking a victim into processing a specially crafted JSON file, an
attacker could use this flaw to crash jq or, potentially, execute
arbitrary code on the victim's system (CVE-2015-8863).

Stack exhaustion could affect availability when parsing untrusted input
(CVE-2016-4074).
                

References

SRPMS

6/core