(RHSA-2016:1106) Moderate: jq security update

2016-05-25T04:02:42
ID RHSA-2016:1106
Type redhat
Reporter RedHat
Modified 2018-03-19T16:27:28

Description

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text.

Security Fix(es):

  • A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system. (CVE-2015-8863)