Ubuntu Update For Json-c USN-2245-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Florian Weimer discovered that json-c incorrectly handled buffer lengths. An attacker could use this issue with a specially-crafted large JSON document to cause json-c to crash, resulting in a denial of service. (CVE-2013-6370) Florian Weimer discovered that json-c incorrectly handled hash arrays. An attacker could use this issue with a specially-crafted JSON document to cause json-c to consume CPU resources, resulting in a denial of service. (CVE-2013-6371)

Affected

json-c on Ubuntu 14.04 LTS , Ubuntu 13.10 , Ubuntu 12.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-June/002546.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6370, CVE-2013-6371

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Ubuntu Update for apache2 vulnerabilities USN-1021-1
Ubuntu Update for bind9 USN-1264-1
Ubuntu Update for avahi vulnerabilities USN-696-1
Ubuntu Update for apport USN-2007-1
Ubuntu Update for bzip2 vulnerability USN-986-1

Ubuntu Update for json-c USN-2245-1

Take action and discover your vulnerabilities