Updated jq packages fix security vulnerabilities
Publication date: 19 Nov 2017
Modification date: 19 Nov 2017
Type: security
Affected Mageia releases: 6
CVE: CVE-2015-8863, CVE-2016-4074
Description
A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system (CVE-2015-8863). Stack exhaustion could affect availability when parsing untrusted input (CVE-2016-4074).
References
SRPMS
6/core
- jq-1.5-1.1.mga6