ID

VAR-202005-0397

CVE

CVE-2020-12762

TITLE

Red Hat Security Advisory 2021-4382-02

DESCRIPTION

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: json-c security and bug fix update Advisory ID: RHSA-2021:4382-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4382 Issue date: 2021-11-09 CVE Names: CVE-2020-12762 ==================================================================== 1. Summary: An update for json-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - noarch 3. Description: JSON-C implements a reference counting object model that allows users to easily construct JavaScript Object Notation (JSON) objects in C, output them as JSON formatted strings, and parse JSON formatted strings back into the C representation of JSON objects. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: json-c-debuginfo-0.13.1-2.el8.aarch64.rpm json-c-debugsource-0.13.1-2.el8.aarch64.rpm json-c-devel-0.13.1-2.el8.aarch64.rpm ppc64le: json-c-debuginfo-0.13.1-2.el8.ppc64le.rpm json-c-debugsource-0.13.1-2.el8.ppc64le.rpm json-c-devel-0.13.1-2.el8.ppc64le.rpm s390x: json-c-debuginfo-0.13.1-2.el8.s390x.rpm json-c-debugsource-0.13.1-2.el8.s390x.rpm json-c-devel-0.13.1-2.el8.s390x.rpm x86_64: json-c-debuginfo-0.13.1-2.el8.i686.rpm json-c-debuginfo-0.13.1-2.el8.x86_64.rpm json-c-debugsource-0.13.1-2.el8.i686.rpm json-c-debugsource-0.13.1-2.el8.x86_64.rpm json-c-devel-0.13.1-2.el8.i686.rpm json-c-devel-0.13.1-2.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: json-c-0.13.1-2.el8.src.rpm aarch64: json-c-0.13.1-2.el8.aarch64.rpm json-c-debuginfo-0.13.1-2.el8.aarch64.rpm json-c-debugsource-0.13.1-2.el8.aarch64.rpm ppc64le: json-c-0.13.1-2.el8.ppc64le.rpm json-c-debuginfo-0.13.1-2.el8.ppc64le.rpm json-c-debugsource-0.13.1-2.el8.ppc64le.rpm s390x: json-c-0.13.1-2.el8.s390x.rpm json-c-debuginfo-0.13.1-2.el8.s390x.rpm json-c-debugsource-0.13.1-2.el8.s390x.rpm x86_64: json-c-0.13.1-2.el8.i686.rpm json-c-0.13.1-2.el8.x86_64.rpm json-c-debuginfo-0.13.1-2.el8.i686.rpm json-c-debuginfo-0.13.1-2.el8.x86_64.rpm json-c-debugsource-0.13.1-2.el8.i686.rpm json-c-debugsource-0.13.1-2.el8.x86_64.rpm Red Hat Enterprise Linux CRB (v. 8): noarch: json-c-doc-0.13.1-2.el8.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYYrej9zjgjWX9erEAQiU1g//YzM77GdfeN9wtXjfeQ400cw5AsR8XjOm 3eS4kMuwlN0w5reO9n3OnPs3SCZVDcoRmPJ1Z71eK796SyczEzfItkB8HVpPIL2E c8QfOQ1a2m/Izws30u8/xASfY3JXEWFeX5Pip7OrQ8T+6BhpsYEMzD7zC6aPXgzw g7T87IaVa1WPsORtd/KvDivVGBLt9jwzvjbJAOmRQ0ccWC9ylsjqXiuvDzFlyL+h R0tSJXyNDFebOwwAY5cJ0Go1NjlGC61K0SgB/S/WnQyqKcqN6kss/1fFCjGs/wvy Z52AMuB1BeOjPdxPydwErGjtl7qxn0ygpKwxKsHJwbhYpuUEBhkn6LG998y9QBVj gQDuySEzrR+0j1Tg579g/z1fvtbvXCU0/Wt01uoeWJlyKVR4B8dJAV4NHLFXoon8 Uw+dlJFvFPlu0LERlaYquQJ0FksWZH9G+3mrVo2F9X8IOMint0zNe+X+mE7zuhOX qluAe5stgV5BNtXkboSmt3R4mk4suNbgexZvyC9cMeIY+A2GNB4NHcVtwPVSs4Bg QG2SPVqwXL73ViKAS9YSof9uSY2hRXqSKs+BRnIVxKZS0EzFybv76NQtmx7NjZlG JUkHfT/W9UnTxfgmrDs6xYUKNCs6lyvkTmBfGf0+S+CLTToVImr9DPN/EO2r+/xS A4oHKkiq9g8\x8eca -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/): 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1775 - [release-5.2] Syslog output is serializing json incorrectly LOG-1824 - [release-5.2] Rejected by Elasticsearch and unexpected json-parsing LOG-1963 - [release-5.2] CLO panic: runtime error: slice bounds out of range [:-1] LOG-1970 - Applying cluster state is causing elasticsearch to hit an issue and become unusable 6. The following advisory data is extracted from: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0411.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files 5. ========================================================================= Ubuntu Security Notice USN-4360-4 May 28, 2020 json-c vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: json-c could be made to execute arbitrary code if it received a specially crafted JSON file. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix update for CVE-2020-12762. Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libjson-c4 0.13.1+dfsg-7ubuntu0.3 Ubuntu 19.10: libjson-c4 0.13.1+dfsg-4ubuntu0.3 Ubuntu 18.04 LTS: libjson-c3 0.12.1-1.3ubuntu0.3 Ubuntu 16.04 LTS: libjson-c2 0.11-4ubuntu2.6 libjson0 0.11-4ubuntu2.6 Ubuntu 14.04 ESM: libjson-c2 0.11-3ubuntu1.2+esm3 libjson0 0.11-3ubuntu1.2+esm3 Ubuntu 12.04 ESM: libjson0 0.9-1ubuntu1.4 In general, a standard system update will make all the necessary changes. Description: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1997017 - unprivileged client fails to get guest agent data 1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import 2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed 2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion 2007336 - 4.8.3 containers 2007776 - Failed to Migrate Windows VM with CDROM (readonly) 2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted 2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues 2026881 - [4.8.3] vlan-filtering is getting applied on veth ports 5. Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1857 - OpenShift Alerting Rules Style-Guide Compliance LOG-1904 - [release-5.2] Fix the Display of ClusterLogging type in OLM LOG-1916 - [release-5.2] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server 6

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

TYPE

overflow

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-02-20T21:25:12.707000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE