A vulnerability was found in jq. There was an off-by-one error, as the NUL terminator byte was not allocated on resize. A maliciously crafted JSON file could cause the application to crash.

External references:
https://github.com/stedolan/jq/issues/995

Upstream fix:
https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd

References (reproducer available):
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802231
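
The off-by-one class described above, as an added example that is not jq's code and not part of the original report: a hypothetical growable token buffer (`tokbuf`, `tok_add`, `tok_finish` and `feed` are names invented here) whose growth test either forgets or reserves the byte for the NUL terminator. `tok_finish` refuses rather than writing past the allocation, so the flaw is reported instead of triggered.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical growable token buffer; illustrative, not jq's own structure. */
struct tokbuf { char *buf; size_t cap; size_t pos; };
typedef int (*grow_test)(const struct tokbuf *);

/* Flawed test: grows only once data fills the buffer, leaving no NUL slot. */
static int must_grow_buggy(const struct tokbuf *t) { return t->pos == t->cap; }

/* Corrected test: always keeps one spare byte for the terminator. */
static int must_grow_fixed(const struct tokbuf *t) { return t->pos + 1 >= t->cap; }

/* Append one byte, resizing when the supplied test says so. 0 on success. */
static int tok_add(struct tokbuf *t, char c, grow_test must_grow)
{
    if (must_grow(t)) {
        size_t ncap = t->cap ? t->cap * 2 : 8;
        char *n = realloc(t->buf, ncap);
        if (!n) return -1;
        t->buf = n;
        t->cap = ncap;
    }
    t->buf[t->pos++] = c;
    return 0;
}

/* Terminate the token; refuse instead of writing one byte past the allocation. */
static int tok_finish(struct tokbuf *t)
{
    if (t->pos >= t->cap) return -1;
    t->buf[t->pos] = '\0';
    return 0;
}

/* Feed n constructed bytes; 0 if the terminator fits, -1 if it would overflow. */
static int feed(size_t n, grow_test must_grow)
{
    struct tokbuf t = {0};
    int rc = 0;
    for (size_t i = 0; i < n && rc == 0; i++) rc = tok_add(&t, 'a', must_grow);
    if (rc == 0) rc = tok_finish(&t);
    free(t.buf);
    return rc;
}

int main(void)
{
    printf("8 bytes, buggy: %d; fixed: %d\n", feed(8, must_grow_buggy), feed(8, must_grow_fixed));
    return 0;
}
```

The flawed test only fails when the token length lands exactly on the allocation size, which is why inputs of other lengths pass unnoticed.
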

Created jq tracking bugs for this issue:

Affects: fedora-all [bug 1328748]
Affects: epel-6 [bug 1328749]
Affects: epel-7 [bug 1328750]

This issue has been addressed in the following products:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7

Via RHSA-2016:1099 https://rhn.redhat.com/errata/RHSA-2016-1099.html

This issue has been addressed in the following products:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7

Via RHSA-2016:1098 https://rhn.redhat.com/errata/RHSA-2016-1098.html

This issue has been addressed in the following products:

Red Hat OpenStack Platform 8.0 (Liberty)

Via RHSA-2016:1106 https://rhn.redhat.com/errata/RHSA-2016-1106.html