Release date:
2026-05-07 08:26:07 UTC
Description:
- CVE-2026-33947: limit path depth in jv_setpath, jv_getpath, and jv_delpaths to prevent stack overflow from deep path arrays
- CVE-2026-33948: remove strlen-based length calculation that truncated JSON input at embedded NUL bytes, preventing parser-differential attacks
Updated packages:
-
jq-1.6-14.el9.tuxcare.els4.i686.rpm
sha:772ce1089584f5aa216bffe7c309b255da440510baa60e355650fe9080e03042
-
jq-1.6-14.el9.tuxcare.els4.x86_64.rpm
sha:f060a2f6a6dba1b7905504a76ef4903bbfd79bbd93679ddf111fce34387f731b
-
jq-devel-1.6-14.el9.tuxcare.els4.i686.rpm
sha:f958a5415d7464f2d1bd04d68fb59324c1f5a0c039a002b0fbee258f29d82b3f
-
jq-devel-1.6-14.el9.tuxcare.els4.x86_64.rpm
sha:347fe1eb5fad744e5735abc921ddfdeefcf7f65330f7b19d48178bb9b55d28ac
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
