Red Hat Product Errata RHSA-2024:2580 - Security Advisory
Issued:
2024-04-30
Updated:
2024-04-30

RHSA-2024:2580 - Security Advisory

Synopsis

Moderate: yajl security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for yajl is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Yet Another JSON Library (YAJL) is a small event-driven (SAX-style) JSON parser written in ANSI C, and a small validating JSON generator.

Security Fix(es):

  • yajl: Memory leak in yajl_tree_parse function (CVE-2023-33460)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64

Fixes

  • BZ - 2221249 - CVE-2023-33460 yajl: Memory leak in yajl_tree_parse function

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
yajl-2.1.0-12.el8_8.src.rpm SHA-256: 90a203e4642d232bcb942dec5cc2c3975a329b8088a7e42732243c2dea94595a
x86_64
yajl-2.1.0-12.el8_8.i686.rpm SHA-256: f510f95244fdaeb3944248403c59b3e7ed37b5847d5c0c2aafeab203eed72f12
yajl-2.1.0-12.el8_8.x86_64.rpm SHA-256: b13783fd199d56d09dece1f9427447170fc6ac58577ee0cb9ca5f0a3c3577b24
yajl-debuginfo-2.1.0-12.el8_8.i686.rpm SHA-256: 7d38b6c410345e7d1cd08aaa53a070e3ec1e6d0a5f3a2fb21b87f98aa7741709
yajl-debuginfo-2.1.0-12.el8_8.x86_64.rpm SHA-256: f1bf9622fb27d3015b1a589576f16bae4adf31f14bf59c1a6b670be5a893d948
yajl-debugsource-2.1.0-12.el8_8.i686.rpm SHA-256: 18af5b918ed0dc7855af81566bdbfc0c727c3ea07f39798919e43843d91b449d
yajl-debugsource-2.1.0-12.el8_8.x86_64.rpm SHA-256: 0ccb24ebb95d6c84e54c9bbc96ebb10ba17899ac32848b8709102b3cb56d6640

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
yajl-2.1.0-12.el8_8.src.rpm SHA-256: 90a203e4642d232bcb942dec5cc2c3975a329b8088a7e42732243c2dea94595a
x86_64
yajl-2.1.0-12.el8_8.i686.rpm SHA-256: f510f95244fdaeb3944248403c59b3e7ed37b5847d5c0c2aafeab203eed72f12
yajl-2.1.0-12.el8_8.x86_64.rpm SHA-256: b13783fd199d56d09dece1f9427447170fc6ac58577ee0cb9ca5f0a3c3577b24
yajl-debuginfo-2.1.0-12.el8_8.i686.rpm SHA-256: 7d38b6c410345e7d1cd08aaa53a070e3ec1e6d0a5f3a2fb21b87f98aa7741709
yajl-debuginfo-2.1.0-12.el8_8.x86_64.rpm SHA-256: f1bf9622fb27d3015b1a589576f16bae4adf31f14bf59c1a6b670be5a893d948
yajl-debugsource-2.1.0-12.el8_8.i686.rpm SHA-256: 18af5b918ed0dc7855af81566bdbfc0c727c3ea07f39798919e43843d91b449d
yajl-debugsource-2.1.0-12.el8_8.x86_64.rpm SHA-256: 0ccb24ebb95d6c84e54c9bbc96ebb10ba17899ac32848b8709102b3cb56d6640

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
yajl-2.1.0-12.el8_8.src.rpm SHA-256: 90a203e4642d232bcb942dec5cc2c3975a329b8088a7e42732243c2dea94595a
s390x
yajl-2.1.0-12.el8_8.s390x.rpm SHA-256: 31f0249415ecd799fdb1e4f26e10bc94b03e3abbd40f8d0de9914f395e255b13
yajl-debuginfo-2.1.0-12.el8_8.s390x.rpm SHA-256: a0344931858406f1f9359e12b11f7ffe2b92c787faed694f66a92bb4b6599a1d
yajl-debugsource-2.1.0-12.el8_8.s390x.rpm SHA-256: e4e638351d242c71e5039aecac38b81426dda535c0ccd28f616165fa38da425b

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
yajl-2.1.0-12.el8_8.src.rpm SHA-256: 90a203e4642d232bcb942dec5cc2c3975a329b8088a7e42732243c2dea94595a
ppc64le
yajl-2.1.0-12.el8_8.ppc64le.rpm SHA-256: cfa180ec45f8883f0f6b7d5aa5228c557582b3429f49da9323258cc4979ad436
yajl-debuginfo-2.1.0-12.el8_8.ppc64le.rpm SHA-256: 4c22c077f5bd1eeb54cda592fde42a84cd66fc7d8c269cd58312469493a50282
yajl-debugsource-2.1.0-12.el8_8.ppc64le.rpm SHA-256: 87ccee4ab363b2903984b09efa23fcecd9371ee5611f8b712a8d0d940e542179

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
yajl-2.1.0-12.el8_8.src.rpm SHA-256: 90a203e4642d232bcb942dec5cc2c3975a329b8088a7e42732243c2dea94595a
x86_64
yajl-2.1.0-12.el8_8.i686.rpm SHA-256: f510f95244fdaeb3944248403c59b3e7ed37b5847d5c0c2aafeab203eed72f12
yajl-2.1.0-12.el8_8.x86_64.rpm SHA-256: b13783fd199d56d09dece1f9427447170fc6ac58577ee0cb9ca5f0a3c3577b24
yajl-debuginfo-2.1.0-12.el8_8.i686.rpm SHA-256: 7d38b6c410345e7d1cd08aaa53a070e3ec1e6d0a5f3a2fb21b87f98aa7741709
yajl-debuginfo-2.1.0-12.el8_8.x86_64.rpm SHA-256: f1bf9622fb27d3015b1a589576f16bae4adf31f14bf59c1a6b670be5a893d948
yajl-debugsource-2.1.0-12.el8_8.i686.rpm SHA-256: 18af5b918ed0dc7855af81566bdbfc0c727c3ea07f39798919e43843d91b449d
yajl-debugsource-2.1.0-12.el8_8.x86_64.rpm SHA-256: 0ccb24ebb95d6c84e54c9bbc96ebb10ba17899ac32848b8709102b3cb56d6640

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
yajl-2.1.0-12.el8_8.src.rpm SHA-256: 90a203e4642d232bcb942dec5cc2c3975a329b8088a7e42732243c2dea94595a
aarch64
yajl-2.1.0-12.el8_8.aarch64.rpm SHA-256: 17ed2a757f01eaefa83a76799a769984adc4668663dcbec2e188d988bab3bf00
yajl-debuginfo-2.1.0-12.el8_8.aarch64.rpm SHA-256: 4f4ea256aa23db5d70aaff15db789d50f9c87a0a3d0b41522b0293ae4d6b543e
yajl-debugsource-2.1.0-12.el8_8.aarch64.rpm SHA-256: 43af384da9b1be9222f2d5ed2ab3208b3455e72333d0bafcb810d661f8f9a95e

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
yajl-2.1.0-12.el8_8.src.rpm SHA-256: 90a203e4642d232bcb942dec5cc2c3975a329b8088a7e42732243c2dea94595a
ppc64le
yajl-2.1.0-12.el8_8.ppc64le.rpm SHA-256: cfa180ec45f8883f0f6b7d5aa5228c557582b3429f49da9323258cc4979ad436
yajl-debuginfo-2.1.0-12.el8_8.ppc64le.rpm SHA-256: 4c22c077f5bd1eeb54cda592fde42a84cd66fc7d8c269cd58312469493a50282
yajl-debugsource-2.1.0-12.el8_8.ppc64le.rpm SHA-256: 87ccee4ab363b2903984b09efa23fcecd9371ee5611f8b712a8d0d940e542179

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
yajl-2.1.0-12.el8_8.src.rpm SHA-256: 90a203e4642d232bcb942dec5cc2c3975a329b8088a7e42732243c2dea94595a
x86_64
yajl-2.1.0-12.el8_8.i686.rpm SHA-256: f510f95244fdaeb3944248403c59b3e7ed37b5847d5c0c2aafeab203eed72f12
yajl-2.1.0-12.el8_8.x86_64.rpm SHA-256: b13783fd199d56d09dece1f9427447170fc6ac58577ee0cb9ca5f0a3c3577b24
yajl-debuginfo-2.1.0-12.el8_8.i686.rpm SHA-256: 7d38b6c410345e7d1cd08aaa53a070e3ec1e6d0a5f3a2fb21b87f98aa7741709
yajl-debuginfo-2.1.0-12.el8_8.x86_64.rpm SHA-256: f1bf9622fb27d3015b1a589576f16bae4adf31f14bf59c1a6b670be5a893d948
yajl-debugsource-2.1.0-12.el8_8.i686.rpm SHA-256: 18af5b918ed0dc7855af81566bdbfc0c727c3ea07f39798919e43843d91b449d
yajl-debugsource-2.1.0-12.el8_8.x86_64.rpm SHA-256: 0ccb24ebb95d6c84e54c9bbc96ebb10ba17899ac32848b8709102b3cb56d6640

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8

SRPM
x86_64
yajl-debuginfo-2.1.0-12.el8_8.i686.rpm SHA-256: 7d38b6c410345e7d1cd08aaa53a070e3ec1e6d0a5f3a2fb21b87f98aa7741709
yajl-debuginfo-2.1.0-12.el8_8.x86_64.rpm SHA-256: f1bf9622fb27d3015b1a589576f16bae4adf31f14bf59c1a6b670be5a893d948
yajl-debugsource-2.1.0-12.el8_8.i686.rpm SHA-256: 18af5b918ed0dc7855af81566bdbfc0c727c3ea07f39798919e43843d91b449d
yajl-debugsource-2.1.0-12.el8_8.x86_64.rpm SHA-256: 0ccb24ebb95d6c84e54c9bbc96ebb10ba17899ac32848b8709102b3cb56d6640
yajl-devel-2.1.0-12.el8_8.i686.rpm SHA-256: e27f6f65e657a3adcabfeeeb4894116b2ab164603204a2e260c57bf2cebf8ad7
yajl-devel-2.1.0-12.el8_8.x86_64.rpm SHA-256: 05a84de2b99568d2c94c6ca1caa3cee4f719e1e4bc5ef552176f1b4d86a5771a

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8

SRPM
ppc64le
yajl-debuginfo-2.1.0-12.el8_8.ppc64le.rpm SHA-256: 4c22c077f5bd1eeb54cda592fde42a84cd66fc7d8c269cd58312469493a50282
yajl-debugsource-2.1.0-12.el8_8.ppc64le.rpm SHA-256: 87ccee4ab363b2903984b09efa23fcecd9371ee5611f8b712a8d0d940e542179
yajl-devel-2.1.0-12.el8_8.ppc64le.rpm SHA-256: 5a9f3513747d0eb1451b81d01cca73b5a7f3ff15bb0ee35b05c1a99c8c925c98

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.8

SRPM
s390x
yajl-debuginfo-2.1.0-12.el8_8.s390x.rpm SHA-256: a0344931858406f1f9359e12b11f7ffe2b92c787faed694f66a92bb4b6599a1d
yajl-debugsource-2.1.0-12.el8_8.s390x.rpm SHA-256: e4e638351d242c71e5039aecac38b81426dda535c0ccd28f616165fa38da425b
yajl-devel-2.1.0-12.el8_8.s390x.rpm SHA-256: 56101476f3c04d844a661d352ec1f65392af4ecd6fda44c6081f3fb355a401f8

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8

SRPM
aarch64
yajl-debuginfo-2.1.0-12.el8_8.aarch64.rpm SHA-256: 4f4ea256aa23db5d70aaff15db789d50f9c87a0a3d0b41522b0293ae4d6b543e
yajl-debugsource-2.1.0-12.el8_8.aarch64.rpm SHA-256: 43af384da9b1be9222f2d5ed2ab3208b3455e72333d0bafcb810d661f8f9a95e
yajl-devel-2.1.0-12.el8_8.aarch64.rpm SHA-256: c6a1a51ccc23b578376b765c81615be30226fc851965a48dff29b910d2b4c5ba

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.