USN-4360-2: json-c regression
15 May 2020
USN-4360-1 introduced a regression in json-c.
- json-c - JSON manipulation library
USN-4360-1 fixed a vulnerability in json-c. The security fix introduced
a memory leak in some scenarios. This update reverts the security fix
pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that json-c incorrectly handled certain JSON files.
An attacker could possibly use this issue to execute arbitrary code.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.