Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-14126

Опубликовано: 22 авг. 2025
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2025-14126: pki-deps:10.6 security update (IMPORTANT)

apache-commons-collections apache-commons-lang apache-commons-net bea-stax fasterxml-oss-parent [69-1]

  • Rebase to version 69
  • Resolves: RHEL-103106

glassfish-fastinfoset glassfish-jaxb glassfish-jaxb-api jackson-annotations [2.19.1-1]

  • Rebase to upstream version 2.19.1
  • Resolves: RHEL-103106

jackson-bom [2.19.1-1]

  • Rebase to version 2.19.1
  • Resolves: RHEL-103106

jackson-core [2.19.1-1]

  • Rebase to upstream version 2.19.1
  • Resolves: RHEL-103106

jackson-databind [2.19.1-1]

  • Rebase to upstream version 2.19.1
  • Resolves: RHEL-103106

jackson-jaxrs-providers [2.19.1-1]

  • Rebase to upstream version 2.19.1
  • Resolves: RHEL-103106

jackson-modules-base [2.19.1-2]

  • Update to version 2.19.1
  • Resolves: RHEL-103106

jackson-parent [2.19.1-1]

  • Rebase to version 2.19.1
  • Resolves: RHEL-103106

jakarta-commons-httpclient javassist pki-servlet-engine relaxngDatatype slf4j stax-ex velocity xalan-j2 xerces-j2 xml-commons-apis xml-commons-resolver xmlstreambuffer xsom

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module pki-deps:10.6 is enabled

apache-commons-collections

3.2.2-10.module+el8.10.0+90642+1ede0e5a

apache-commons-lang

2.6-21.module+el8.10.0+90642+1ede0e5a

apache-commons-net

3.6-3.module+el8.10.0+90642+1ede0e5a

bea-stax-api

1.2.0-16.module+el8.10.0+90642+1ede0e5a

fasterxml-oss-parent

69-1.module+el8.10.0+90642+1ede0e5a

glassfish-fastinfoset

1.2.13-9.module+el8.10.0+90642+1ede0e5a

glassfish-jaxb-api

2.2.12-8.module+el8.10.0+90642+1ede0e5a

glassfish-jaxb-core

2.2.11-12.module+el8.10.0+90642+1ede0e5a

glassfish-jaxb-runtime

2.2.11-12.module+el8.10.0+90642+1ede0e5a

glassfish-jaxb-txw2

2.2.11-12.module+el8.10.0+90642+1ede0e5a

jackson-annotations

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-bom

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-core

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-databind

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-jaxrs-json-provider

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-jaxrs-providers

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-module-jaxb-annotations

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-modules-base

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-parent

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jakarta-commons-httpclient

3.1-28.module+el8.10.0+90642+1ede0e5a

javassist

3.18.1-8.module+el8.10.0+90642+1ede0e5a

javassist-javadoc

3.18.1-8.module+el8.10.0+90642+1ede0e5a

pki-servlet-engine

9.0.62-1.module+el8.10.0+90642+1ede0e5a

relaxngDatatype

2011.1-7.module+el8.10.0+90642+1ede0e5a

slf4j

1.7.25-4.module+el8.10.0+90642+1ede0e5a

slf4j-jdk14

1.7.25-4.module+el8.10.0+90642+1ede0e5a

stax-ex

1.7.7-8.module+el8.10.0+90642+1ede0e5a

velocity

1.7-24.module+el8.10.0+90642+1ede0e5a

xalan-j2

2.7.1-38.module+el8.10.0+90642+1ede0e5a

xerces-j2

2.11.0-34.module+el8.10.0+90642+1ede0e5a

xml-commons-apis

1.4.01-25.module+el8.10.0+90642+1ede0e5a

xml-commons-resolver

1.2-26.module+el8.10.0+90642+1ede0e5a

xmlstreambuffer

1.5.4-8.module+el8.10.0+90642+1ede0e5a

xsom

0-19.20110809svn.module+el8.10.0+90642+1ede0e5a

Oracle Linux x86_64

Module pki-deps:10.6 is enabled

apache-commons-collections

3.2.2-10.module+el8.10.0+90642+1ede0e5a

apache-commons-lang

2.6-21.module+el8.10.0+90642+1ede0e5a

apache-commons-net

3.6-3.module+el8.10.0+90642+1ede0e5a

bea-stax-api

1.2.0-16.module+el8.10.0+90642+1ede0e5a

fasterxml-oss-parent

69-1.module+el8.10.0+90642+1ede0e5a

glassfish-fastinfoset

1.2.13-9.module+el8.10.0+90642+1ede0e5a

glassfish-jaxb-api

2.2.12-8.module+el8.10.0+90642+1ede0e5a

glassfish-jaxb-core

2.2.11-12.module+el8.10.0+90642+1ede0e5a

glassfish-jaxb-runtime

2.2.11-12.module+el8.10.0+90642+1ede0e5a

glassfish-jaxb-txw2

2.2.11-12.module+el8.10.0+90642+1ede0e5a

jackson-annotations

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-bom

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-core

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-databind

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-jaxrs-json-provider

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-jaxrs-providers

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-module-jaxb-annotations

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-modules-base

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jackson-parent

2.19.1-1.module+el8.10.0+90642+1ede0e5a

jakarta-commons-httpclient

3.1-28.module+el8.10.0+90642+1ede0e5a

javassist

3.18.1-8.module+el8.10.0+90642+1ede0e5a

javassist-javadoc

3.18.1-8.module+el8.10.0+90642+1ede0e5a

pki-servlet-engine

9.0.62-1.module+el8.10.0+90642+1ede0e5a

relaxngDatatype

2011.1-7.module+el8.10.0+90642+1ede0e5a

slf4j

1.7.25-4.module+el8.10.0+90642+1ede0e5a

slf4j-jdk14

1.7.25-4.module+el8.10.0+90642+1ede0e5a

stax-ex

1.7.7-8.module+el8.10.0+90642+1ede0e5a

velocity

1.7-24.module+el8.10.0+90642+1ede0e5a

xalan-j2

2.7.1-38.module+el8.10.0+90642+1ede0e5a

xerces-j2

2.11.0-34.module+el8.10.0+90642+1ede0e5a

xml-commons-apis

1.4.01-25.module+el8.10.0+90642+1ede0e5a

xml-commons-resolver

1.2-26.module+el8.10.0+90642+1ede0e5a

xmlstreambuffer

1.5.4-8.module+el8.10.0+90642+1ede0e5a

xsom

0-19.20110809svn.module+el8.10.0+90642+1ede0e5a

Связанные CVE

CVE-2025-52999

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2025-52999

ubuntu
5 месяцев назад

jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.

redhat логотип

CVE-2025-52999

CVSS3: 7.5
redhat
5 месяцев назад

jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.

nvd логотип

CVE-2025-52999

nvd
5 месяцев назад

jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.

debian логотип

CVE-2025-52999

debian
5 месяцев назад

jackson-core contains core low-level incremental ("streaming") parser ...

github логотип

GHSA-h46c-h94j-95f3

github
5 месяцев назад

jackson-core can throw a StackoverflowError when processing deeply nested data