Описание
Security update for jq
This update for jq fixes the following issues:
- CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116)
Список пакетов
Container containers/suse-ai-observability-extension-setup:1
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
Container suse/sle-micro-rancher/5.2:latest
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
Container suse/sle-micro-rancher/5.3:latest
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
Container suse/sle-micro-rancher/5.4:latest
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
Container suse/sle-micro/5.5:latest
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
Image SLES15-SP6-CHOST-BYOS
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
Image SLES15-SP6-CHOST-BYOS-Aliyun
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
Image SLES15-SP6-CHOST-BYOS-Azure
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
Image SLES15-SP6-CHOST-BYOS-EC2
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
Image SLES15-SP6-CHOST-BYOS-GCE
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
Image SLES15-SP6-CHOST-BYOS-GDC
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
Image ai_15_6
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
SUSE Linux Enterprise Micro 5.1
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
SUSE Linux Enterprise Micro 5.2
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
SUSE Linux Enterprise Micro 5.3
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
SUSE Linux Enterprise Micro 5.4
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
SUSE Linux Enterprise Micro 5.5
jq-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
jq-1.6-150000.3.9.1
libjq-devel-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
jq-1.6-150000.3.9.1
libjq-devel-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
openSUSE Leap 15.6
jq-1.6-150000.3.9.1
libjq-devel-1.6-150000.3.9.1
libjq1-1.6-150000.3.9.1
Ссылки
- Link for SUSE-SU-2025:02915-1
- E-Mail link for SUSE-SU-2025:02915-1
- SUSE Security Ratings
- SUSE Bug 1244116
- SUSE CVE CVE-2025-48060 page
Описание
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.
Затронутые продукты
Container containers/suse-ai-observability-extension-setup:1:jq-1.6-150000.3.9.1
Container containers/suse-ai-observability-extension-setup:1:libjq1-1.6-150000.3.9.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:jq-1.6-150000.3.9.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:libjq1-1.6-150000.3.9.1
Ссылки
- CVE-2025-48060
- SUSE Bug 1244116