[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2135-1] jackson-databind security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : jackson-databind
Version        : 2.4.2-2+deb8u12
CVE ID         : CVE-2020-9546 CVE-2020-9547 CVE-2020-9548


The following CVEs were reported for jackson-databind source package.

CVE-2020-9546

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
    interaction between serialization gadgets and typing, related
    to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig
    (aka shaded hikari-config).

CVE-2020-9547

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
    interaction between serialization gadgets and typing, related
    to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig
    (aka ibatis-sqlmap).

CVE-2020-9548

     FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
     interaction between serialization gadgets and typing, related
     to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).

For Debian 8 "Jessie", these problems have been fixed in version
2.4.2-2+deb8u12.

We recommend that you upgrade your jackson-databind packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Best,
Utkarsh
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl5hg08ACgkQgj6WdgbD
S5acnRAAv5hpDhGsZHWogRO8eQQqejAuVBAmk6RkyCX1Z5JSNu9/IJMPpDHA+LKJ
BABqpCEp6oog3gqCf4RUSygntZqEYm2kqb+3l8kVoygJ2eqEg5SurNlr/YGX7FSc
59cq7oK3XiN6p1AQdflHVacgdI8x+qCaqK4Ve5OCMc6eCrA/nvkxFPO9hsZWVWhV
8p1D+pveO8osSBdUDkTLX01/ObxzgHbg0Xb4jqB3bRfJsb8y4gEIFCGK+xOkS6q6
PazPRn5oCFklyZkY/ZpRY/218ECT5FRupEtUnvA9mueK0VofpSpreBwMz0k1/A4Q
fYayR1R3ydIW4nlp9d556KT3JbGUrZnaeNGuYhDnKWcV/1ficSPp9AAAse3Qg22Z
1XRqgGVHIIBXclL7hyu8LU3yiYFNhj3m3Yvj/HRVMNNkQWrmsWQIDeV8T2+SIuZS
MBgPPwFuuV4fJZOgOU7B5a6Ft6O29iTXHw+USwX13Yfj5Q8EiFzc5J9ExUIohMGk
VHL7cuD6jIVyqmD8Mm9tAIuiLvC6Estl0AWhG46vNosuoHZlTfc7XIGr4POgWY2P
1flduvlIgc+tHF0y+kYRDFVTkoy3IEMAmFRjTtNJ7S3jBnKlxX6LMl/tfz1dWtlw
iB6LIvwC1EVy0O7/Vgtw0VqEUsOXx2LJxy1dH4LIUhTaFqBC/5w=
=SHmZ
-----END PGP SIGNATURE-----
Reply to: