Debian LTS: DLA-2030-1: jackson-databind security update

    Date 10 Dec 2019
    355
    Posted By LinuxSecurity Advisories
    More deserialization flaws were discovered in jackson-databind which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization.
    
    Package        : jackson-databind
    Version        : 2.4.2-2+deb8u10
    CVE ID         : CVE-2019-17267 CVE-2019-17531
    
    More deserialization flaws were discovered in jackson-databind which
    could allow an unauthenticated user to perform remote code execution.
    The issue was resolved by extending the blacklist and blocking more
    classes from polymorphic deserialization.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    2.4.2-2+deb8u10.
    
    We recommend that you upgrade your jackson-databind packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    

    LinuxSecurity Poll

    Have you ever used tcpdump for network troubleshooting or debugging?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/36-have-you-ever-used-tcpdump-for-network-troubleshooting-or-debugging?task=poll.vote&format=json
    36
    radio
    [{"id":"125","title":"Yes","votes":"36","type":"x","order":"1","pct":80,"resources":[]},{"id":"126","title":"No ","votes":"9","type":"x","order":"2","pct":20,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.