Описание
Security update for jq
This update for jq fixes the following issues:
- CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450).
Список пакетов
Container suse/sle-micro-rancher/5.2:latest
jq-1.6-150000.3.6.1
libjq1-1.6-150000.3.6.1
Container suse/sle-micro-rancher/5.3:latest
jq-1.6-150000.3.6.1
libjq1-1.6-150000.3.6.1
Container suse/sle-micro-rancher/5.4:latest
jq-1.6-150000.3.6.1
libjq1-1.6-150000.3.6.1
Container suse/sle-micro/5.5:latest
jq-1.6-150000.3.6.1
libjq1-1.6-150000.3.6.1
SUSE Linux Enterprise Micro 5.1
jq-1.6-150000.3.6.1
libjq1-1.6-150000.3.6.1
SUSE Linux Enterprise Micro 5.2
jq-1.6-150000.3.6.1
libjq1-1.6-150000.3.6.1
SUSE Linux Enterprise Micro 5.3
jq-1.6-150000.3.6.1
libjq1-1.6-150000.3.6.1
SUSE Linux Enterprise Micro 5.4
jq-1.6-150000.3.6.1
libjq1-1.6-150000.3.6.1
SUSE Linux Enterprise Micro 5.5
jq-1.6-150000.3.6.1
libjq1-1.6-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
jq-1.6-150000.3.6.1
libjq-devel-1.6-150000.3.6.1
libjq1-1.6-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
jq-1.6-150000.3.6.1
libjq-devel-1.6-150000.3.6.1
libjq1-1.6-150000.3.6.1
openSUSE Leap 15.6
jq-1.6-150000.3.6.1
libjq-devel-1.6-150000.3.6.1
libjq1-1.6-150000.3.6.1
Ссылки
- Link for SUSE-SU-2025:02384-1
- E-Mail link for SUSE-SU-2025:02384-1
- SUSE Security Ratings
- SUSE Bug 1243450
- SUSE CVE CVE-2024-23337 page
Описание
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.
Затронутые продукты
Container suse/sle-micro-rancher/5.2:latest:jq-1.6-150000.3.6.1
Container suse/sle-micro-rancher/5.2:latest:libjq1-1.6-150000.3.6.1
Container suse/sle-micro-rancher/5.3:latest:jq-1.6-150000.3.6.1
Container suse/sle-micro-rancher/5.3:latest:libjq1-1.6-150000.3.6.1
Ссылки
- CVE-2024-23337
- SUSE Bug 1243450