openSUSE-SU-2022:0106-1

Published: 18 Jan 2022
Source: suse-cvrf

Description

Security update for jawn

This update for jawn fixes the following issues:

  • CVE-2022-21653: Fixed DoS caused by a hash collision in SimpleFacade and MutableFacade (bsc#1194358).

Package list

openSUSE Leap 15.3
jawn-ast-0.14.1-3.3.1
jawn-json4s-0.14.1-3.3.1
jawn-parser-0.14.1-3.3.1
jawn-util-0.14.1-3.3.1

Description

Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For users unable to upgrade, override `objectContext()` to use a collision-safe collection.


Affected products
openSUSE Leap 15.3:jawn-ast-0.14.1-3.3.1
openSUSE Leap 15.3:jawn-json4s-0.14.1-3.3.1
openSUSE Leap 15.3:jawn-parser-0.14.1-3.3.1
openSUSE Leap 15.3:jawn-util-0.14.1-3.3.1

References