FEDORA-2019-fb23eccc03 — security update for jackson-annotations, jackson-bom, & 2 more

stable

jackson-annotations-2.9.9-1.fc29, jackson-bom-2.9.9-1.fc29, & 2 more

FEDORA-2019-fb23eccc03 created by decathorpe 2 years ago for Fedora 29

Update jackson-databind to version 2.9.9.3.
Update jackson-core to version 2.9.9.
Update jackson-annotations to version 2.9.9.
Update jackson-bom to version 2.9.9.

Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439.

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2019-fb23eccc03

This update has been submitted for testing by decathorpe.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has been pushed to testing.

2 years ago

decathorpe edited this update.

2 years ago

This update can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

Builds

jackson-annotations-2.9.9-1.fc29

jackson-bom-2.9.9-1.fc29

jackson-core-2.9.9-1.fc29

jackson-databind-2.9.9.3-1.fc29

Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

2 years ago

in testing

2 years ago

in stable

2 years ago

modified

2 years ago

BZ#1713469 CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. [fedora-all]

BZ#1725796 CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. [fedora-all]

BZ#1725808 CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution [fedora-all]

BZ#1737518 CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution [fedora-all]

BZ#1752964 CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI [fedora-all]

jackson-annotations-2.9.9-1.fc29
jackson-bom-2.9.9-1.fc29
jackson-core-2.9.9-1.fc29
jackson-databind-2.9.9.3-1.fc29

How to install

Automated Test Results