Security update for jq SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02384-1 Final 1 1 2025-07-18T16:46:06Z current 2025-07-18T16:46:06Z 2025-07-18T16:46:06Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for jq This update for jq fixes the following issues: - CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sle-micro-rancher/5.2:latest-2025-2384,Container suse/sle-micro-rancher/5.3:latest-2025-2384,Container suse/sle-micro-rancher/5.4:latest-2025-2384,Container suse/sle-micro/5.5:latest-2025-2384,SUSE-2025-2384,SUSE-SLE-Micro-5.3-2025-2384,SUSE-SLE-Micro-5.4-2025-2384,SUSE-SLE-Micro-5.5-2025-2384,SUSE-SLE-Module-Basesystem-15-SP6-2025-2384,SUSE-SLE-Module-Basesystem-15-SP7-2025-2384,SUSE-SUSE-MicroOS-5.1-2025-2384,SUSE-SUSE-MicroOS-5.2-2025-2384,openSUSE-SLE-15.6-2025-2384 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502384-1/ Link for SUSE-SU-2025:02384-1 https://lists.suse.com/pipermail/sle-updates/2025-July/040788.html E-Mail link for SUSE-SU-2025:02384-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1243450 SUSE Bug 1243450 https://www.suse.com/security/cve/CVE-2024-23337/ SUSE CVE CVE-2024-23337 page Container suse/sle-micro-rancher/5.2:latest Container suse/sle-micro-rancher/5.3:latest Container suse/sle-micro-rancher/5.4:latest Container suse/sle-micro/5.5:latest SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 openSUSE Leap 15.6 jq-1.6-150000.3.6.1 libjq1-1.6-150000.3.6.1 libjq-devel-1.6-150000.3.6.1 jq-1.6-150000.3.6.1 as a component of Container suse/sle-micro-rancher/5.2:latest libjq1-1.6-150000.3.6.1 as a component of Container suse/sle-micro-rancher/5.2:latest jq-1.6-150000.3.6.1 as a component of Container suse/sle-micro-rancher/5.3:latest libjq1-1.6-150000.3.6.1 as a component of Container suse/sle-micro-rancher/5.3:latest jq-1.6-150000.3.6.1 as a component of Container suse/sle-micro-rancher/5.4:latest libjq1-1.6-150000.3.6.1 as a component of Container suse/sle-micro-rancher/5.4:latest jq-1.6-150000.3.6.1 as a component of Container suse/sle-micro/5.5:latest libjq1-1.6-150000.3.6.1 as a component of Container suse/sle-micro/5.5:latest jq-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Micro 5.1 libjq1-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Micro 5.1 jq-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Micro 5.2 libjq1-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Micro 5.2 jq-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Micro 5.3 libjq1-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Micro 5.3 jq-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Micro 5.4 libjq1-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Micro 5.4 jq-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Micro 5.5 libjq1-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Micro 5.5 jq-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libjq-devel-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libjq1-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 jq-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libjq-devel-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libjq1-1.6-150000.3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 jq-1.6-150000.3.6.1 as a component of openSUSE Leap 15.6 libjq-devel-1.6-150000.3.6.1 as a component of openSUSE Leap 15.6 libjq1-1.6-150000.3.6.1 as a component of openSUSE Leap 15.6 jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue. CVE-2024-23337 Container suse/sle-micro-rancher/5.2:latest:jq-1.6-150000.3.6.1 Container suse/sle-micro-rancher/5.2:latest:libjq1-1.6-150000.3.6.1 Container suse/sle-micro-rancher/5.3:latest:jq-1.6-150000.3.6.1 Container suse/sle-micro-rancher/5.3:latest:libjq1-1.6-150000.3.6.1 Container suse/sle-micro-rancher/5.4:latest:jq-1.6-150000.3.6.1 Container suse/sle-micro-rancher/5.4:latest:libjq1-1.6-150000.3.6.1 Container suse/sle-micro/5.5:latest:jq-1.6-150000.3.6.1 Container suse/sle-micro/5.5:latest:libjq1-1.6-150000.3.6.1 SUSE Linux Enterprise Micro 5.1:jq-1.6-150000.3.6.1 SUSE Linux Enterprise Micro 5.1:libjq1-1.6-150000.3.6.1 SUSE Linux Enterprise Micro 5.2:jq-1.6-150000.3.6.1 SUSE Linux Enterprise Micro 5.2:libjq1-1.6-150000.3.6.1 SUSE Linux Enterprise Micro 5.3:jq-1.6-150000.3.6.1 SUSE Linux Enterprise Micro 5.3:libjq1-1.6-150000.3.6.1 SUSE Linux Enterprise Micro 5.4:jq-1.6-150000.3.6.1 SUSE Linux Enterprise Micro 5.4:libjq1-1.6-150000.3.6.1 SUSE Linux Enterprise Micro 5.5:jq-1.6-150000.3.6.1 SUSE Linux Enterprise Micro 5.5:libjq1-1.6-150000.3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:jq-1.6-150000.3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libjq-devel-1.6-150000.3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libjq1-1.6-150000.3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:jq-1.6-150000.3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libjq-devel-1.6-150000.3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libjq1-1.6-150000.3.6.1 openSUSE Leap 15.6:jq-1.6-150000.3.6.1 openSUSE Leap 15.6:libjq-devel-1.6-150000.3.6.1 openSUSE Leap 15.6:libjq1-1.6-150000.3.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502384-1/ https://www.suse.com/security/cve/CVE-2024-23337.html CVE-2024-23337 https://bugzilla.suse.com/1243450 SUSE Bug 1243450