Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2020:1644

Опубликовано: 28 апр. 2020
Источник: rocky
Оценка: Moderate

Описание

Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System.

Security Fix(es):

  • jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig (CVE-2019-14540)

  • jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)

  • jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* (CVE-2019-16942)

  • jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource (CVE-2019-16943)

  • jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* (CVE-2019-17531)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
apache-commons-collectionsnoarch10.module+el8.3.0+53+ea062990apache-commons-collections-3.2.2-10.module+el8.3.0+53+ea062990.noarch.rpm
apache-commons-langnoarch21.module+el8.3.0+53+ea062990apache-commons-lang-2.6-21.module+el8.3.0+53+ea062990.noarch.rpm
bea-stax-apinoarch16.module+el8.3.0+53+ea062990bea-stax-api-1.2.0-16.module+el8.3.0+53+ea062990.noarch.rpm
glassfish-fastinfosetnoarch9.module+el8.3.0+53+ea062990glassfish-fastinfoset-1.2.13-9.module+el8.3.0+53+ea062990.noarch.rpm
glassfish-jaxb-apinoarch8.module+el8.3.0+53+ea062990glassfish-jaxb-api-2.2.12-8.module+el8.3.0+53+ea062990.noarch.rpm
glassfish-jaxb-corenoarch11.module+el8.3.0+53+ea062990glassfish-jaxb-core-2.2.11-11.module+el8.3.0+53+ea062990.noarch.rpm
glassfish-jaxb-runtimenoarch11.module+el8.3.0+53+ea062990glassfish-jaxb-runtime-2.2.11-11.module+el8.3.0+53+ea062990.noarch.rpm
glassfish-jaxb-txw2noarch11.module+el8.3.0+53+ea062990glassfish-jaxb-txw2-2.2.11-11.module+el8.3.0+53+ea062990.noarch.rpm
jackson-annotationsnoarch1.module+el8.3.0+53+ea062990jackson-annotations-2.10.0-1.module+el8.3.0+53+ea062990.noarch.rpm
jackson-corenoarch1.module+el8.3.0+53+ea062990jackson-core-2.10.0-1.module+el8.3.0+53+ea062990.noarch.rpm

Показывать по

Связанные CVE

CVE-2019-14540
CVE-2019-16335
CVE-2019-16942
CVE-2019-16943
CVE-2019-17531
CVE-2019-20330
CVE-2020-10672
CVE-2020-10673
CVE-2020-8840
CVE-2020-9546
CVE-2020-9547
CVE-2020-9548

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2020-1644

oracle-oval
около 5 лет назад

ELSA-2020-1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (MODERATE)

ubuntu логотип

CVE-2019-14540

CVSS3: 9.8
ubuntu
почти 6 лет назад

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

redhat логотип

CVE-2019-14540

CVSS3: 7.5
redhat
почти 6 лет назад

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

nvd логотип

CVE-2019-14540

CVSS3: 9.8
nvd
почти 6 лет назад

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

debian логотип

CVE-2019-14540

CVSS3: 9.8
debian
почти 6 лет назад

A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...