Debian Bug report logs - #891614
jackson-databind: CVE-2018-7489: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
Package: src:jackson-databind;
Maintainer for src:jackson-databind is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso < ...
It was discovered that jackson-databind, a Java library used to parse
JSON and other data formats, improperly validated user input prior to
deserializing because of an incomplete fix for CVE-2017-7525.
For the oldstable distribution (jessie), this problem has been fixed
in version 2.4.2-2+deb8u4.
For the stable distribution (stretch), this problem ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a ...
Synopsis
Moderate: Red Hat JBoss Enterprise Application Platform 7.1.3 security update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Co ...
Synopsis
Moderate: Red Hat OpenShift Application Runtimes Thorntail 2.2.0 security & bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate ...
Synopsis
Moderate: Red Hat JBoss Enterprise Application Platform security update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security ...
Synopsis
Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update
Type/Severity
Security Advisory: Critical
Topic
An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scor ...
Synopsis
Important: OpenShift Container Platform logging-elasticsearch5-container security update
Type/Severity
Security Advisory: Important
Topic
An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as h ...
Synopsis
Moderate: Red Hat OpenShift Application Runtimes security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerab ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a ...
Synopsis
Moderate: Red Hat JBoss Enterprise Application Platform security update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security ...
Synopsis
Important: eap6-jboss-ec2-eap security update
Type/Severity
Security Advisory: Important
Topic
An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update
Type/Severity
Security Advisory: Important
Topic
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.20, fix several bugs, and add various enhancements are now available from the Red Hat Cu ...
Synopsis
Important: EAP Continuous Delivery Technical Preview Release 13 security update
Type/Severity
Security Advisory: Important
Topic
This is a security update for JBoss EAP Continuous Delivery 13.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnera ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a ...
Synopsis
Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security update
Type/Severity
Security Advisory: Important
Topic
An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as havin ...
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffec ...