Medium: json-c

2020-06-23T05:59:00
ID ALAS-2020-1381
Type amazon
Reporter Amazon
Modified 2020-06-23T05:59:00

Description

Issue Overview:

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. (CVE-2020-12762 __)

Affected Packages:

json-c

Issue Correction:
Run yum update json-c to update your system.

New Packages:

i686:  
    json-c-debuginfo-0.11-7.8.amzn1.i686  
    json-c-0.11-7.8.amzn1.i686  
    json-c-devel-0.11-7.8.amzn1.i686

noarch:  
    json-c-doc-0.11-7.8.amzn1.noarch

src:  
    json-c-0.11-7.8.amzn1.src

x86_64:  
    json-c-debuginfo-0.11-7.8.amzn1.x86_64  
    json-c-0.11-7.8.amzn1.x86_64  
    json-c-devel-0.11-7.8.amzn1.x86_64