USN-4360-4: json-c vulnerability
28 May 2020
json-c could be made to execute arbitrary code if it received a specially crafted JSON file.
- json-c - JSON manipulation library
USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a
memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides
the correct fix update for CVE-2020-12762.
Original advisory details:
It was discovered that json-c incorrectly handled certain JSON files.
An attacker could possibly use this issue to execute arbitrary code.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.
- USN-4360-1: libjson-c2, libjson-c4, libjson-c3, json-c, libjson0