ELSA-2025-12882

ELSA-2025-12882 - jq security update

Type:SECURITY
Impact:MODERATE
Release Date:2025-08-05

Description


[1.7.1-8.el10_0.1]
- jq: jq has signed integer overflow in jv.c:jvp_array_write (CVE-2024-23337)
- jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt) (CVE-2025-48060)


Related CVEs


CVE-2025-48060
CVE-2024-23337

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 10 (aarch64) jq-1.7.1-8.el10_0.1.src.rpm8961a70e6ffc5c910b307dc4be59e37ad86c81def8f8409dbb777e31b9dc8eb2-ol10_aarch64_baseos_latest
jq-1.7.1-8.el10_0.1.src.rpm8961a70e6ffc5c910b307dc4be59e37ad86c81def8f8409dbb777e31b9dc8eb2-ol10_aarch64_codeready_builder
jq-1.7.1-8.el10_0.1.src.rpm8961a70e6ffc5c910b307dc4be59e37ad86c81def8f8409dbb777e31b9dc8eb2-ol10_aarch64_u0_baseos_patch
jq-1.7.1-8.el10_0.1.aarch64.rpm9b2cb805a3e0e23044a1a7a48f1cbaa2347a832c5a09d63df287c4ee657f9482-ol10_aarch64_baseos_latest
jq-1.7.1-8.el10_0.1.aarch64.rpm9b2cb805a3e0e23044a1a7a48f1cbaa2347a832c5a09d63df287c4ee657f9482-ol10_aarch64_u0_baseos_patch
jq-devel-1.7.1-8.el10_0.1.aarch64.rpm2f33b0c39b0abad9e31d58281e50922ed2728596fec903b94417d0129ff73c46-ol10_aarch64_codeready_builder
Oracle Linux 10 (x86_64) jq-1.7.1-8.el10_0.1.src.rpm8961a70e6ffc5c910b307dc4be59e37ad86c81def8f8409dbb777e31b9dc8eb2-ol10_x86_64_baseos_latest
jq-1.7.1-8.el10_0.1.src.rpm8961a70e6ffc5c910b307dc4be59e37ad86c81def8f8409dbb777e31b9dc8eb2-ol10_x86_64_codeready_builder
jq-1.7.1-8.el10_0.1.src.rpm8961a70e6ffc5c910b307dc4be59e37ad86c81def8f8409dbb777e31b9dc8eb2-ol10_x86_64_u0_baseos_patch
jq-1.7.1-8.el10_0.1.x86_64.rpmae1412109a12dfcae99fe0ae0088ae749ba6599c465e8a42dde77e2c5dc87a36-ol10_x86_64_baseos_latest
jq-1.7.1-8.el10_0.1.x86_64.rpmae1412109a12dfcae99fe0ae0088ae749ba6599c465e8a42dde77e2c5dc87a36-ol10_x86_64_u0_baseos_patch
jq-devel-1.7.1-8.el10_0.1.x86_64.rpmc9d2550da0a5f4a0da820345e0c63c692679e303915ac7cd3ead56986f10b775-ol10_x86_64_codeready_builder



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete