Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:3061

Опубликовано: 14 июн. 2024
Источник: rocky
Оценка: Moderate

Описание

Moderate: pki-core:10.6 and pki-deps:10.6 security update

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System.

Security Fix(es):

  • jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
apache-commons-collectionsnoarch10.module+el8.10.0+1763+c7c02164apache-commons-collections-3.2.2-10.module+el8.10.0+1763+c7c02164.noarch.rpm
apache-commons-collectionsnoarch10.module+el8.10.0+1763+c7c02164apache-commons-collections-3.2.2-10.module+el8.10.0+1763+c7c02164.noarch.rpm
apache-commons-langnoarch21.module+el8.10.0+1763+c7c02164apache-commons-lang-2.6-21.module+el8.10.0+1763+c7c02164.noarch.rpm
apache-commons-langnoarch21.module+el8.10.0+1763+c7c02164apache-commons-lang-2.6-21.module+el8.10.0+1763+c7c02164.noarch.rpm
apache-commons-netnoarch3.module+el8.10.0+1763+c7c02164apache-commons-net-3.6-3.module+el8.10.0+1763+c7c02164.noarch.rpm
apache-commons-netnoarch3.module+el8.10.0+1763+c7c02164apache-commons-net-3.6-3.module+el8.10.0+1763+c7c02164.noarch.rpm
bea-stax-apinoarch16.module+el8.10.0+1763+c7c02164bea-stax-api-1.2.0-16.module+el8.10.0+1763+c7c02164.noarch.rpm
bea-stax-apinoarch16.module+el8.10.0+1763+c7c02164bea-stax-api-1.2.0-16.module+el8.10.0+1763+c7c02164.noarch.rpm
glassfish-fastinfosetnoarch9.module+el8.10.0+1763+c7c02164glassfish-fastinfoset-1.2.13-9.module+el8.10.0+1763+c7c02164.noarch.rpm
glassfish-fastinfosetnoarch9.module+el8.10.0+1763+c7c02164glassfish-fastinfoset-1.2.13-9.module+el8.10.0+1763+c7c02164.noarch.rpm

Показывать по

Связанные CVE

CVE-2020-36518

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2020-36518

CVSS3: 7.5
ubuntu
почти 4 года назад

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

redhat логотип

CVE-2020-36518

CVSS3: 7.5
redhat
больше 5 лет назад

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

nvd логотип

CVE-2020-36518

CVSS3: 7.5
nvd
почти 4 года назад

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

debian логотип

CVE-2020-36518

CVSS3: 7.5
debian
почти 4 года назад

jackson-databind before 2.13.0 allows a Java StackOverflow exception a ...

github логотип

GHSA-57j2-w4cx-62h2

CVSS3: 7.5
github
почти 4 года назад

Deeply nested json in jackson-databind