Medium
Canonical Ubuntu
USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak and was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix for CVE-2020-12762.
Original advisory details:
It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code.
CVEs contained in this USN include: CVE-2020-12762.
Severity is medium unless otherwise noted.
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2020-05-28: Initial vulnerability report published.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | cflinuxfs3 | lt | 0.189.0 |
| | xenial stemcells | lt | 170.221 |
| | xenial stemcells | lt | 250.200 |
| | xenial stemcells | lt | 315.185 |
| | xenial stemcells | lt | 456.114 |
| | xenial stemcells | lt | 621.76 |