jq Processor Security Update Advisory (CVE-2023-50268)
Overview
An update has been made available to address a vulnerability in the command-line JSON processor (jq). Users of affected versions are encouraged to update to the latest version.
Affected Products
jq version 1.7
Resolved Vulnerabilities
Stack Buffer Overflow Vulnerability in jq (CVE-2023-50268)
Vulnerability Patches
A vulnerability patch was made available in the December 14, 2023 update. Please follow the instructions on the reference site to update to the latest vulnerability patch version.
jq version 1.7.1
Referenced Sites
[1] CVE-2023-50268 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-50268
[2] [oss-fuzz] Issue 64771: jq:jq_fuzz_execute: Stack-buffer-overflow in decNaNs
https://github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j
[3] Merge pull request from GHSA-7hmr-442f-qc8j
https://github.com/jqlang/jq/commit/c9a51565214eece8f1053089739aea73145bfd6b