SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2673

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2673

Security update for python-ujson

Type: security

Severity: moderate

Issued: 2022-08-04

Description:

This update for python-ujson fixes the following issues:

- CVE-2022-31116: Fixed improper decoding of escaped surrogate characters (bsc#1201255).
- CVE-2022-31117: Fixed a double free while reallocating a buffer for string decoding (bsc#1201254).

References

CVE: CVE-2022-31117
CVE: CVE-2022-31116
Bugzilla: 1201255 VUL-0: CVE-2022-31116: python-ujson: improper decoding of escaped surrogate characters may lead to string corruption, key confusion or value overwriting
Bugzilla: 1201254 VUL-1: CVE-2022-31117: python-ujson: double free while reallocating a buffer for string decoding

Packages

python-ujson-1.35-150100.3.5.1