Fedora 26: mujs Security Update
Summary
MuJS is a lightweight Javascript interpreter designed for embedding in
other software to extend them with scripting capabilities.
Security fix for CVE-2018-5759.
[ 1 ] Bug #1539514 - CVE-2018-5759 mujs: Improper management of AST depth in jsparse.c can allow a remote attacker to cause a denial of service via a crafted file
https://bugzilla.redhat.com/show_bug.cgi?id=1539514
[ 2 ] Bug #1539847 - CVE-2018-6191 mujs: Interger overflow in js_strtod function in jsdtoa.c
https://bugzilla.redhat.com/show_bug.cgi?id=1539847
su -c 'dnf upgrade mujs' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
FEDORA-2018-d4746c772f 2018-02-14 17:08:28.617718 Product : Fedora 26 Version : 0 Release : 11.20180129git25821e6.fc26 URL : https://mujs.com/ Summary : An embeddable Javascript interpreter Description : MuJS is a lightweight Javascript interpreter designed for embedding in other software to extend them with scripting capabilities. Security fix for CVE-2018-5759. [ 1 ] Bug #1539514 - CVE-2018-5759 mujs: Improper management of AST depth in jsparse.c can allow a remote attacker to cause a denial of service via a crafted file https://bugzilla.redhat.com/show_bug.cgi?id=1539514 [ 2 ] Bug #1539847 - CVE-2018-6191 mujs: Interger overflow in js_strtod function in jsdtoa.c https://bugzilla.redhat.com/show_bug.cgi?id=1539847 su -c 'dnf upgrade mujs' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Change Log
References