Wednesday, February 28, 2024

[USN-6667-1] Cpanel-JSON-XS vulnerability

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmXfTNUACgkQZWnYVadE
vpN9dA//QeMtllMext+4xaUeY5MfAQdJx0aWNZDg/WP/DoMFV1co0WWWcg2uZ1dQ
QBu2Dh9ZKOYklPe6HJbjP6eZ4aqVV4bViGHXn5FyyobkWRSBgKrntAK07G/lsWD2
hzx/DLx7Ys4z7WWW7qqMfS+6EYTEEon0xvSdeUk8eOArkznOwwz+Yi5+Zn+zS1ZS
Ol7v4sd97sLQialTr1tbChRXt1vWKciKWUg4JUQpXznpg6DAFDelG8fsPhZGuXie
rU+kVzR5r5pYCNxW5V+7fJj1cm4Jcv9pI3NTcZL8U0tdQeLPKYDACgCThg8eJCNn
D71AipvsBnUo577gktAJXBPlUXRhh7YEuWfyXRdw++fEu1ziimUfzgvOt0l3trmN
s+Of9dLe5RLnv4ClrZ40XeCrZuOtJSu0gRoUhS+O3xS7K8JtGTwzGoI/Iw62MQK2
iidB10xzd3rNFnizdCuCbUc6/wtn5W5rzGU/malog+ZttMNs7CFxDgwoTvSMq+fL
qKCXQJlWax12QWb4WesYZeWfLusvn6byY8AASdxwAy+frmXjU+OLtelV6sVInb6p
AOoaQSbFYqqZmQvIu5wz2wlqHD/vxEuN5UIU7c6HlzFMff+D83wyzykfbg48RTvQ
dMZkr5kei0isxDW8tWQyJW8/8ccO5g0+2kM8towuIF74QlrUa2Y=
=HYiI
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6667-1
February 28, 2024

libcpanel-json-xs-perl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Cpanel-JSON-XS could be made to crash or expose information if it
processed specially crafted data.

Software Description:
- libcpanel-json-xs-perl: module for fast and correct serialising to JSON

Details:

It was discovered that Cpanel-JSON-XS incorrectly decoded certain data. A
remote attacker could use this issue to cause Cpanel-JSON-XS to crash,
resulting in a denial of service, or possibly obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
libcpanel-json-xs-perl 4.27-1ubuntu0.1

Ubuntu 20.04 LTS:
libcpanel-json-xs-perl 4.19-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6667-1
CVE-2022-48623

Package Information:
https://launchpad.net/ubuntu/+source/libcpanel-json-xs-perl/4.27-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libcpanel-json-xs-perl/4.19-1ubuntu0.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)