[ALSA-2025:10618] Moderate: jq security update
Type:
security
Severity:
moderate
Release date:
2025-07-09
Description:
jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fix(es): * jq: jq has signed integer overflow in jv.c:jvp_array_write (CVE-2024-23337) * jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt) (CVE-2025-48060) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 jq-devel-1.6-11.el8_10.aarch64.rpm 839e246ccc5eaa4e09f07c42a621ee4b9d8980d5ba2208d8873077cc19a4a014
aarch64 jq-1.6-11.el8_10.aarch64.rpm 9151404ec5f18a7402ce2ec140d596511cd1f5b05e95bb75ddee8f3029db4eb3
i686 jq-1.6-11.el8_10.i686.rpm 1ddd347925ef9f607d9e71f984e57e2a07189d82944dbfbeb5aadd2b5a474845
i686 jq-devel-1.6-11.el8_10.i686.rpm ae10ded4adc12ad7aa36e40023612e463825e199fd3c00778cc7bd878affed75
ppc64le jq-1.6-11.el8_10.ppc64le.rpm 43cb29253032ce412ffddc6d732f218de96b55d7f17c7fd84a391c800cb13720
ppc64le jq-devel-1.6-11.el8_10.ppc64le.rpm 6646d0974740a9a224820a74748b97c729c10600dfd5638ec45e1924ffd03443
s390x jq-devel-1.6-11.el8_10.s390x.rpm a274bff045ea91e1d14cce1c9d6d1ac4acd29f94a5c5c08fed8c4bbba7d754c6
s390x jq-1.6-11.el8_10.s390x.rpm ac8412bc19bbdcaf77183a831703def8e6a2c2586b8edfae91cf428ee83a9c13
x86_64 jq-1.6-11.el8_10.x86_64.rpm 147b5f63b9a2f9e1dda8aaa681bc89c4307ebb23c97308e13e279d1eff856782
x86_64 jq-devel-1.6-11.el8_10.x86_64.rpm 432551321bd6ef039e694559a38d0301df23a41a7f325f91e1625f2d51760ee6
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.