Liao Xinxi discovered that jackson-databind, a Java library used to
parse JSON and other data formats, did not properly validate user
input before attempting deserialization. This allowed an attacker to
perform code execution by providing maliciously crafted input.
For the oldstable distribution (jessie), this problem has been fixed
in version 24 ...
It was discovered that jackson-databind, a Java library used to parse
JSON and other data formats, improperly validated user input prior to
deserializing because of an incomplete fix for
CVE-2017-7525.
For the oldstable distribution (jessie), this problem has been fixed
in version 242-2+deb8u4.
For the stable distribution (stretch), this problem ...
Debian Bug report logs -
#870848
jackson-databind: CVE-2017-7525: Deserialization vulnerability via readValue method of ObjectMapper
Package:
src:jackson-databind;
Maintainer for src:jackson-databind is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian ...
Debian Bug report logs -
#888318
jackson-databind: CVE-2017-17485
Package:
src:jackson-databind;
Maintainer for src:jackson-databind is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 24 Jan 2018 22:12:05 UTC
Severity: grave
Tags ...
Debian Bug report logs -
#888316
jackson-databind: CVE-2018-5968
Package:
src:jackson-databind;
Maintainer for src:jackson-databind is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 24 Jan 2018 22:06:02 UTC
Severity: grave
Tags: ...
Debian Bug report logs -
#891614
jackson-databind: CVE-2018-7489: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
Package:
src:jackson-databind;
Maintainer for src:jackson-databind is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso < ...
A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 6420 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a ...
Synopsis
Important: Red Hat JBoss Data Grid 712 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat JBoss Data Grid 712 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabil ...
Synopsis
Important: Red Hat Fuse 73 security update
Type/Severity
Security Advisory: Important
Topic
A minor version update (from 72 to 73) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has ...
Synopsis
Important: devtoolset-4-jackson-databind security update
Type/Severity
Security Advisory: Important
Topic
An update for devtoolset-4-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common V ...
Synopsis
Moderate: Red Hat JBoss Enterprise Application Platform 713 security update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 71. Red Hat Product Security has rated this update as having a security impact of Moderate. A Co ...
Synopsis
Important: jboss-ec2-eap package for EAP 711
Type/Severity
Security Advisory: Important
Topic
An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 711 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 711 for Red Ha ...
Synopsis
Important: Red Hat JBoss BPM Suite 649 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 707 on RHEL 7
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 70 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a securi ...
Synopsis
Important: JBoss Enterprise Application Platform 711 on RHEL 6
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impac ...
Synopsis
Important: Satellite 64 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat Satellite 64 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis
Important: rh-eclipse46-jackson-databind security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-eclipse46-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common V ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 710 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 710 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a ...
Synopsis
Moderate: Red Hat OpenShift Application Runtimes Thorntail 220 security & bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate ...
Synopsis
Moderate: Red Hat JBoss Enterprise Application Platform security update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security ...
Synopsis
Important: JBoss Enterprise Application Platform 711 for RHEL 7
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impa ...
Synopsis
Important: eap7-jboss-ec2-eap security update
Type/Severity
Security Advisory: Important
Topic
An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 70 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 70 for RHEL 7. Red Hat Product Security ...
Synopsis
Critical: Red Hat FIS 20 on Fuse 630 R8 security and bug fix update
Type/Severity
Security Advisory: Critical
Topic
An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scor ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 707 on RHEL 6
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 70 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a securi ...
Synopsis
Important: eap7-jboss-ec2-eap security update
Type/Severity
Security Advisory: Important
Topic
An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 71 for Red Hat Ent ...
Synopsis
Important: Red Hat JBoss BRMS 649 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis
Important: OpenShift Container Platform logging-elasticsearch5-container security update
Type/Severity
Security Advisory: Important
Topic
An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 311. Red Hat Product Security has rated this update as h ...
Synopsis
Moderate: Red Hat OpenShift Application Runtimes security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerab ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 6420 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a ...
Synopsis
Important: rhvm-appliance security and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for rhvm-appliance is now available for Red Hat Virtualization 4 for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerab ...
Synopsis
Important: rh-eclipse46-jackson-databind security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-eclipse46-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common V ...
Synopsis
Important: rh-maven35-jackson-databind security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 711 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Com ...
Synopsis
Moderate: Red Hat JBoss Enterprise Application Platform security update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security ...
Synopsis
Important: Red Hat Fuse 750 security update
Type/Severity
Security Advisory: Important
Topic
A minor version update (from 74 to 75) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security h ...
Synopsis
Important: eap6-jboss-ec2-eap security update
Type/Severity
Security Advisory: Important
Topic
An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 6420 security update
Type/Severity
Security Advisory: Important
Topic
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6420, fixes several bugs, and adds various enhancements are now available from the Red Hat Cu ...
Synopsis
Important: rh-eclipse46-jackson-databind security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-eclipse46-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common V ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 707
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabilit ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 6420 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 710 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Com ...
Synopsis
Important: rh-eclipse47-jackson-databind security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-eclipse47-jackson-databind is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulner ...
Synopsis
Important: OpenShift Container Platform 4118 logging-elasticsearch5 security update
Type/Severity
Security Advisory: Important
Topic
An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 41. Red Hat Product Security has rated this update as havin ...
Synopsis
Important: rhvm-appliance security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for rhvm-appliance is now available for RHEV 4X RHEV-H and Agents for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Important. A Com ...
Synopsis
Important: EAP Continuous Delivery Technical Preview Release 13 security update
Type/Severity
Security Advisory: Important
Topic
This is a security update for JBoss EAP Continuous Delivery 130. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnera ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services.
CVE-2017-7525, CVE-2017-15095, CVE-2020-14389, CVE-2020-25694, CVE-2020-25695, CVE-2020-25696, CVE-2020-35490, CVE-2020-35491
Affected products and versions are listed below. Please upgrade your version to the appropriate version ...