openSUSE Local Security Checks : openSUSE Security Advisory (openSUSE-SU-2024:0139-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.856164

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (openSUSE-SU-2024:0139-1)

Resumen: The remote host is missing an update for the 'cJSON' package(s) announced via the openSUSE-SU-2024:0139-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'cJSON' package(s) announced via the openSUSE-SU-2024:0139-1 advisory.

Vulnerability Insight:
This update for cJSON fixes the following issues:

- Update to 1.7.18:
* CVE-2024-31755: NULL pointer dereference via cJSON_SetValuestring() (boo#1223420)
* Remove non-functional list handling of compiler flags
* Fix heap buffer overflow
* remove misused optimization flag -01
* Set free'd pointers to NULL whenever they are not reassigned
immediately after

- Update to version 1.7.17 (boo#1218098, CVE-2023-50472,
boo#1218099, CVE-2023-50471):
* Fix null reference in cJSON_SetValuestring (CVE-2023-50472).
* Fix null reference in cJSON_InsertItemInArray (CVE-2023-50471).

- Update to 1.7.16:
* Add an option for ENABLE_CJSON_VERSION_SO in CMakeLists.txt
* Add cmake_policy to CMakeLists.txt
* Add cJSON_SetBoolValue
* Add meson documentation
* Fix memory leak in merge_patch
* Fix conflicting target names 'uninstall'
* Bump cmake version to 3.0 and use new version syntax
* Print int without decimal places
* Fix 'cjson_utils-static' target not exist
* Add allocate check for replace_item_in_object
* Fix a null pointer crash in cJSON_ReplaceItemViaPointer

Affected Software/OS:
'cJSON' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-50471
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSI3LL6ZNKYNM5JKPA5FKZTATL4MPF7V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EO4XCUTY3ZMVW4YBG6DBYVS5NSMNP6JY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQOQ7CAOYBNHGAMNOR7ELGLC22HV3ZQV/
https://github.com/DaveGamble/cJSON/issues/802
https://lists.debian.org/debian-lts-announce/2023/12/msg00023.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-50472
https://github.com/DaveGamble/cJSON/issues/803
Common Vulnerability Exposure (CVE) ID: CVE-2024-31755
https://github.com/DaveGamble/cJSON/issues/839

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.856164
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (openSUSE-SU-2024:0139-1)
Resumen:	The remote host is missing an update for the 'cJSON' package(s) announced via the openSUSE-SU-2024:0139-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'cJSON' package(s) announced via the openSUSE-SU-2024:0139-1 advisory. Vulnerability Insight: This update for cJSON fixes the following issues: - Update to 1.7.18: * CVE-2024-31755: NULL pointer dereference via cJSON_SetValuestring() (boo#1223420) * Remove non-functional list handling of compiler flags * Fix heap buffer overflow * remove misused optimization flag -01 * Set free'd pointers to NULL whenever they are not reassigned immediately after - Update to version 1.7.17 (boo#1218098, CVE-2023-50472, boo#1218099, CVE-2023-50471): * Fix null reference in cJSON_SetValuestring (CVE-2023-50472). * Fix null reference in cJSON_InsertItemInArray (CVE-2023-50471). - Update to 1.7.16: * Add an option for ENABLE_CJSON_VERSION_SO in CMakeLists.txt * Add cmake_policy to CMakeLists.txt * Add cJSON_SetBoolValue * Add meson documentation * Fix memory leak in merge_patch * Fix conflicting target names 'uninstall' * Bump cmake version to 3.0 and use new version syntax * Print int without decimal places * Fix 'cjson_utils-static' target not exist * Add allocate check for replace_item_in_object * Fix a null pointer crash in cJSON_ReplaceItemViaPointer Affected Software/OS: 'cJSON' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-50471 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSI3LL6ZNKYNM5JKPA5FKZTATL4MPF7V/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EO4XCUTY3ZMVW4YBG6DBYVS5NSMNP6JY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQOQ7CAOYBNHGAMNOR7ELGLC22HV3ZQV/ https://github.com/DaveGamble/cJSON/issues/802 https://lists.debian.org/debian-lts-announce/2023/12/msg00023.html Common Vulnerability Exposure (CVE) ID: CVE-2023-50472 https://github.com/DaveGamble/cJSON/issues/803 Common Vulnerability Exposure (CVE) ID: CVE-2024-31755 https://github.com/DaveGamble/cJSON/issues/839
Copyright	Copyright (C) 2024 Greenbone AG