RLSA-2019:2720

Published: 10 Sep 2019
Source: rocky
Severity: Important

Description

Important: pki-deps:10.6 security update

The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Rocky Enterprise Software Foundation Certificate System.

Security Fix(es):

  • jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
|---|---|---|---|
| apache-commons-collections | noarch | 10.module+el8.3.0+53+ea062990 | apache-commons-collections-3.2.2-10.module+el8.3.0+53+ea062990.noarch.rpm |
| apache-commons-lang | noarch | 21.module+el8.3.0+53+ea062990 | apache-commons-lang-2.6-21.module+el8.3.0+53+ea062990.noarch.rpm |
| bea-stax-api | noarch | 16.module+el8.3.0+53+ea062990 | bea-stax-api-1.2.0-16.module+el8.3.0+53+ea062990.noarch.rpm |
| glassfish-fastinfoset | noarch | 9.module+el8.3.0+53+ea062990 | glassfish-fastinfoset-1.2.13-9.module+el8.3.0+53+ea062990.noarch.rpm |
| glassfish-jaxb-api | noarch | 8.module+el8.3.0+53+ea062990 | glassfish-jaxb-api-2.2.12-8.module+el8.3.0+53+ea062990.noarch.rpm |
| glassfish-jaxb-core | noarch | 11.module+el8.3.0+53+ea062990 | glassfish-jaxb-core-2.2.11-11.module+el8.3.0+53+ea062990.noarch.rpm |
| glassfish-jaxb-runtime | noarch | 11.module+el8.3.0+53+ea062990 | glassfish-jaxb-runtime-2.2.11-11.module+el8.3.0+53+ea062990.noarch.rpm |
| glassfish-jaxb-txw2 | noarch | 11.module+el8.3.0+53+ea062990 | glassfish-jaxb-txw2-2.2.11-11.module+el8.3.0+53+ea062990.noarch.rpm |
| jackson-jaxrs-json-provider | noarch | 1.module+el8.3.0+53+ea062990 | jackson-jaxrs-json-provider-2.9.9-1.module+el8.3.0+53+ea062990.noarch.rpm |
| jackson-jaxrs-providers | noarch | 1.module+el8.3.0+53+ea062990 | jackson-jaxrs-providers-2.9.9-1.module+el8.3.0+53+ea062990.noarch.rpm |

Related vulnerabilities

CVSS3: 5.9
ubuntu
almost 6 years ago

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.

CVSS3: 8.1
redhat
almost 6 years ago

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.

CVSS3: 5.9
nvd
almost 6 years ago

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.

CVSS3: 5.9
debian
almost 6 years ago

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to ...

CVSS3: 5.9
github
almost 6 years ago

Deserialization of Untrusted Data in FasterXML jackson-databind