Upstream information

CVE-2013-6370 at MITRE

Description

Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 870147 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libjson-c2 >= 0.11-2.22
  • libjson-c2-32bit >= 0.11-2.22
  • rsyslog >= 8.4.0-2.2
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libjson-c2
SUSE Linux Enterprise Desktop 12 GA rsyslog
SUSE Linux Enterprise Desktop 12 SP1
  • libjson-c2 >= 0.11-2.22
  • libjson-c2-32bit >= 0.11-2.22
  • rsyslog >= 8.4.0-8.3
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libjson-c2
SUSE Linux Enterprise Desktop 12 SP1 GA rsyslog
SUSE Linux Enterprise Desktop 12 SP2
  • libjson-c2 >= 0.11-2.22
  • libjson-c2-32bit >= 0.11-2.22
  • rsyslog >= 8.4.0-14.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libjson-c2
SUSE Linux Enterprise Desktop 12 SP2 GA rsyslog
SUSE Linux Enterprise Desktop 12 SP3
  • libjson-c2 >= 0.11-2.22
  • libjson-c2-32bit >= 0.11-2.22
  • rsyslog >= 8.24.0-1.20
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA libjson-c2
SUSE Linux Enterprise Desktop 12 SP3 GA rsyslog
SUSE Linux Enterprise Module for Basesystem 15
  • libjson-c-devel >= 0.13-1.19
  • libjson-c3 >= 0.13-1.19
  • libjson-c3-32bit >= 0.13-1.19
  • rsyslog >= 8.33.1-1.30
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA libjson-c-devel
SUSE Linux Enterprise Module for Basesystem 15 GA rsyslog
SUSE Linux Enterprise Module for Server Applications 15
  • rsyslog-module-gssapi >= 8.33.1-1.30
  • rsyslog-module-mysql >= 8.33.1-1.30
  • rsyslog-module-pgsql >= 8.33.1-1.30
  • rsyslog-module-relp >= 8.33.1-1.30
  • rsyslog-module-snmp >= 8.33.1-1.30
  • rsyslog-module-udpspoof >= 8.33.1-1.30
Patchnames:
SUSE Linux Enterprise Module for Server Applications 15 GA rsyslog-module-gssapi
SUSE Linux Enterprise Server 12
  • libjson-c2 >= 0.11-2.22
  • libjson-c2-32bit >= 0.11-2.22
  • rsyslog >= 8.4.0-2.2
  • rsyslog-diag-tools >= 8.4.0-2.2
  • rsyslog-doc >= 8.4.0-2.2
  • rsyslog-module-gssapi >= 8.4.0-2.2
  • rsyslog-module-gtls >= 8.4.0-2.2
  • rsyslog-module-mysql >= 8.4.0-2.2
  • rsyslog-module-pgsql >= 8.4.0-2.2
  • rsyslog-module-relp >= 8.4.0-2.2
  • rsyslog-module-snmp >= 8.4.0-2.2
  • rsyslog-module-udpspoof >= 8.4.0-2.2
Patchnames:
SUSE Linux Enterprise Server 12 GA libjson-c2
SUSE Linux Enterprise Server 12 GA rsyslog
SUSE Linux Enterprise Server 12 SP1
  • libjson-c2 >= 0.11-2.22
  • libjson-c2-32bit >= 0.11-2.22
  • rsyslog >= 8.4.0-8.3
  • rsyslog-diag-tools >= 8.4.0-8.3
  • rsyslog-doc >= 8.4.0-8.3
  • rsyslog-module-gssapi >= 8.4.0-8.3
  • rsyslog-module-gtls >= 8.4.0-8.3
  • rsyslog-module-mysql >= 8.4.0-8.3
  • rsyslog-module-pgsql >= 8.4.0-8.3
  • rsyslog-module-relp >= 8.4.0-8.3
  • rsyslog-module-snmp >= 8.4.0-8.3
  • rsyslog-module-udpspoof >= 8.4.0-8.3
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libjson-c2
SUSE Linux Enterprise Server 12 SP1 GA rsyslog
SUSE Linux Enterprise Server 12 SP2
  • libjson-c2 >= 0.11-2.22
  • libjson-c2-32bit >= 0.11-2.22
  • rsyslog >= 8.4.0-14.1
  • rsyslog-diag-tools >= 8.4.0-14.1
  • rsyslog-doc >= 8.4.0-14.1
  • rsyslog-module-gssapi >= 8.4.0-14.1
  • rsyslog-module-gtls >= 8.4.0-14.1
  • rsyslog-module-mysql >= 8.4.0-14.1
  • rsyslog-module-pgsql >= 8.4.0-14.1
  • rsyslog-module-relp >= 8.4.0-14.1
  • rsyslog-module-snmp >= 8.4.0-14.1
  • rsyslog-module-udpspoof >= 8.4.0-14.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libjson-c2
SUSE Linux Enterprise Server 12 SP2 GA rsyslog
SUSE Linux Enterprise Server 12 SP3
  • libjson-c2 >= 0.11-2.22
  • libjson-c2-32bit >= 0.11-2.22
  • rsyslog >= 8.24.0-1.20
  • rsyslog-diag-tools >= 8.24.0-1.20
  • rsyslog-doc >= 8.24.0-1.20
  • rsyslog-module-gssapi >= 8.24.0-1.20
  • rsyslog-module-gtls >= 8.24.0-1.20
  • rsyslog-module-mysql >= 8.24.0-1.20
  • rsyslog-module-pgsql >= 8.24.0-1.20
  • rsyslog-module-relp >= 8.24.0-1.20
  • rsyslog-module-snmp >= 8.24.0-1.20
  • rsyslog-module-udpspoof >= 8.24.0-1.20
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA libjson-c2
SUSE Linux Enterprise Server 12 SP3 GA rsyslog
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libjson-c2 >= 0.11-2.15
  • rsyslog >= 8.4.0-14.1
  • rsyslog-diag-tools >= 8.4.0-14.1
  • rsyslog-doc >= 8.4.0-14.1
  • rsyslog-module-gssapi >= 8.4.0-14.1
  • rsyslog-module-gtls >= 8.4.0-14.1
  • rsyslog-module-mysql >= 8.4.0-14.1
  • rsyslog-module-pgsql >= 8.4.0-14.1
  • rsyslog-module-relp >= 8.4.0-14.1
  • rsyslog-module-snmp >= 8.4.0-14.1
  • rsyslog-module-udpspoof >= 8.4.0-14.1
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libjson-c2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA rsyslog
SUSE Linux Enterprise Software Development Kit 12
  • libjson-c-devel >= 0.11-2.22
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libjson-c-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libjson-c-devel >= 0.11-2.22
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libjson-c-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libjson-c-devel >= 0.11-2.22
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libjson-c-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • libjson-c-devel >= 0.11-2.22
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libjson-c-devel
openSUSE 12.3
  • json-c >= 0.9-13.4.1
  • json-c-debugsource >= 0.9-13.4.1
  • libjson-devel >= 0.9-13.4.1
  • libjson-doc >= 0.9-13.4.1
  • libjson0 >= 0.9-13.4.1
  • libjson0-32bit >= 0.9-13.4.1
  • libjson0-debuginfo >= 0.9-13.4.1
  • libjson0-debuginfo-32bit >= 0.9-13.4.1
Patchnames:
openSUSE-2014-317
openSUSE 13.1
  • json-c >= 0.10-3.4.1
  • json-c-debugsource >= 0.10-3.4.1
  • libjson-devel >= 0.10-3.4.1
  • libjson-doc >= 0.10-3.4.1
  • libjson0 >= 0.10-3.4.1
  • libjson0-32bit >= 0.10-3.4.1
  • libjson0-debuginfo >= 0.10-3.4.1
  • libjson0-debuginfo-32bit >= 0.10-3.4.1
Patchnames:
openSUSE-2014-317
openSUSE Leap 15.0
  • libjson-c3 >= 0.13-lp150.1.3
  • libjson-c3-32bit >= 0.13-lp150.1.3
Patchnames:
openSUSE Leap 15.0 GA libjson-c3
openSUSE Leap 42.1
  • libjson-c2 >= 0.12-4.2
  • libjson-c2-32bit >= 0.12-4.2
  • rsyslog >= 8.4.0-3.1
Patchnames:
openSUSE Leap 42.1 GA libjson-c2
openSUSE Leap 42.1 GA rsyslog
openSUSE Leap 42.2
  • libjson-c2 >= 0.12-5.4
  • libjson-c2-32bit >= 0.12-5.4
Patchnames:
openSUSE Leap 42.2 GA libjson-c2
openSUSE Leap 42.3
  • libjson-c2 >= 0.12-7.3
  • libjson-c2-32bit >= 0.12-7.3
  • rsyslog >= 8.24.0-1.3
Patchnames:
openSUSE Leap 42.3 GA libjson-c2
openSUSE Leap 42.3 GA rsyslog
openSUSE Tumbleweed
  • libjson-c-devel >= 0.12.1-1.3
  • libjson-c-doc >= 0.12.1-1.3
  • libjson-c2 >= 0.12.1-1.3
  • libjson-c2-32bit >= 0.12.1-1.3
  • rsyslog >= 8.23.0-2.1
  • rsyslog-diag-tools >= 8.23.0-2.1
  • rsyslog-doc >= 8.23.0-2.1
  • rsyslog-module-dbi >= 8.23.0-2.1
  • rsyslog-module-elasticsearch >= 8.23.0-2.1
  • rsyslog-module-gcrypt >= 8.23.0-2.1
  • rsyslog-module-gssapi >= 8.23.0-2.1
  • rsyslog-module-gtls >= 8.23.0-2.1
  • rsyslog-module-guardtime >= 8.23.0-2.1
  • rsyslog-module-mmnormalize >= 8.23.0-2.1
  • rsyslog-module-mysql >= 8.23.0-2.1
  • rsyslog-module-omamqp1 >= 8.23.0-2.1
  • rsyslog-module-omhttpfs >= 8.23.0-2.1
  • rsyslog-module-omtcl >= 8.23.0-2.1
  • rsyslog-module-pgsql >= 8.23.0-2.1
  • rsyslog-module-relp >= 8.23.0-2.1
  • rsyslog-module-snmp >= 8.23.0-2.1
  • rsyslog-module-udpspoof >= 8.23.0-2.1
Patchnames:
openSUSE Tumbleweed GA libjson-c-devel
openSUSE Tumbleweed GA rsyslog