Description
ELSA-2020-1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (MODERATE)
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module pki-core:10.6 is enabled
jss  4.6.2-4.module+el8.2.0+5594+09d37207
jss-javadoc  4.6.2-4.module+el8.2.0+5594+09d37207
ldapjdk  4.21.0-2.module+el8.2.0+5594+09d37207
ldapjdk-javadoc  4.21.0-2.module+el8.2.0+5594+09d37207
pki-base  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
pki-base-java  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
pki-ca  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
pki-kra  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
pki-server  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
pki-symkey  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
pki-tools  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
python3-pki  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
tomcatjss  7.4.1-2.module+el8.2.0+5594+09d37207
Module pki-deps:10.6 is enabled
apache-commons-collections  3.2.2-10.module+el8.2.0+5508+146760da
apache-commons-lang  2.6-21.module+el8.2.0+5508+146760da
bea-stax-api  1.2.0-16.module+el8.2.0+5508+146760da
glassfish-fastinfoset  1.2.13-9.module+el8.2.0+5508+146760da
glassfish-jaxb-api  2.2.12-8.module+el8.2.0+5508+146760da
glassfish-jaxb-core  2.2.11-11.module+el8.2.0+5508+146760da
glassfish-jaxb-runtime  2.2.11-11.module+el8.2.0+5508+146760da
glassfish-jaxb-txw2  2.2.11-11.module+el8.2.0+5508+146760da
jackson-annotations  2.10.0-1.module+el8.2.0+5508+146760da
jackson-core  2.10.0-1.module+el8.2.0+5508+146760da
jackson-databind  2.10.0-1.module+el8.2.0+5508+146760da
jackson-jaxrs-json-provider  2.9.9-1.module+el8.2.0+5508+146760da
jackson-jaxrs-providers  2.9.9-1.module+el8.2.0+5508+146760da
jackson-module-jaxb-annotations  2.7.6-4.module+el8.2.0+5508+146760da
jakarta-commons-httpclient  3.1-28.module+el8.2.0+5508+146760da
javassist  3.18.1-8.module+el8.2.0+5508+146760da
javassist-javadoc  3.18.1-8.module+el8.2.0+5508+146760da
pki-servlet-4.0-api  9.0.7-16.module+el8.2.0+5508+146760da
pki-servlet-engine  9.0.7-16.module+el8.2.0+5508+146760da
python-nss-doc  1.0.1-10.module+el8.2.0+5508+146760da
python3-nss  1.0.1-10.module+el8.2.0+5508+146760da
relaxngDatatype  2011.1-7.module+el8.2.0+5508+146760da
resteasy  3.0.26-3.module+el8.2.0+5508+146760da
slf4j  1.7.25-4.module+el8.2.0+5508+146760da
slf4j-jdk14  1.7.25-4.module+el8.2.0+5508+146760da
stax-ex  1.7.7-8.module+el8.2.0+5508+146760da
velocity  1.7-24.module+el8.2.0+5508+146760da
xalan-j2  2.7.1-38.module+el8.2.0+5508+146760da
xerces-j2  2.11.0-34.module+el8.2.0+5508+146760da
xml-commons-apis  1.4.01-25.module+el8.2.0+5508+146760da
xml-commons-resolver  1.2-26.module+el8.2.0+5508+146760da
xmlstreambuffer  1.5.4-8.module+el8.2.0+5508+146760da
xsom  0-19.20110809svn.module+el8.2.0+5508+146760da
Oracle Linux x86_64
Module pki-core:10.6 is enabled
jss  4.6.2-4.module+el8.2.0+5594+09d37207
jss-javadoc  4.6.2-4.module+el8.2.0+5594+09d37207
ldapjdk  4.21.0-2.module+el8.2.0+5594+09d37207
ldapjdk-javadoc  4.21.0-2.module+el8.2.0+5594+09d37207
pki-base  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
pki-base-java  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
pki-ca  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
pki-kra  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
pki-server  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
pki-symkey  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
pki-tools  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
python3-pki  10.8.3-1.0.1.module+el8.2.0+5594+09d37207
tomcatjss  7.4.1-2.module+el8.2.0+5594+09d37207
Module pki-deps:10.6 is enabled
apache-commons-collections  3.2.2-10.module+el8.2.0+5508+146760da
apache-commons-lang  2.6-21.module+el8.2.0+5508+146760da
bea-stax-api  1.2.0-16.module+el8.2.0+5508+146760da
glassfish-fastinfoset  1.2.13-9.module+el8.2.0+5508+146760da
glassfish-jaxb-api  2.2.12-8.module+el8.2.0+5508+146760da
glassfish-jaxb-core  2.2.11-11.module+el8.2.0+5508+146760da
glassfish-jaxb-runtime  2.2.11-11.module+el8.2.0+5508+146760da
glassfish-jaxb-txw2  2.2.11-11.module+el8.2.0+5508+146760da
jackson-annotations  2.10.0-1.module+el8.2.0+5508+146760da
jackson-core  2.10.0-1.module+el8.2.0+5508+146760da
jackson-databind  2.10.0-1.module+el8.2.0+5508+146760da
jackson-jaxrs-json-provider  2.9.9-1.module+el8.2.0+5508+146760da
jackson-jaxrs-providers  2.9.9-1.module+el8.2.0+5508+146760da
jackson-module-jaxb-annotations  2.7.6-4.module+el8.2.0+5508+146760da
jakarta-commons-httpclient  3.1-28.module+el8.2.0+5508+146760da
javassist  3.18.1-8.module+el8.2.0+5508+146760da
javassist-javadoc  3.18.1-8.module+el8.2.0+5508+146760da
pki-servlet-4.0-api  9.0.7-16.module+el8.2.0+5508+146760da
pki-servlet-engine  9.0.7-16.module+el8.2.0+5508+146760da
python-nss-doc  1.0.1-10.module+el8.2.0+5508+146760da
python3-nss  1.0.1-10.module+el8.2.0+5508+146760da
relaxngDatatype  2011.1-7.module+el8.2.0+5508+146760da
resteasy  3.0.26-3.module+el8.2.0+5508+146760da
slf4j  1.7.25-4.module+el8.2.0+5508+146760da
slf4j-jdk14  1.7.25-4.module+el8.2.0+5508+146760da
stax-ex  1.7.7-8.module+el8.2.0+5508+146760da
velocity  1.7-24.module+el8.2.0+5508+146760da
xalan-j2  2.7.1-38.module+el8.2.0+5508+146760da
xerces-j2  2.11.0-34.module+el8.2.0+5508+146760da
xml-commons-apis  1.4.01-25.module+el8.2.0+5508+146760da
xml-commons-resolver  1.2-26.module+el8.2.0+5508+146760da
xmlstreambuffer  1.5.4-8.module+el8.2.0+5508+146760da
xsom  0-19.20110809svn.module+el8.2.0+5508+146760da
Source references
Related vulnerabilities
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.