From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4542-1
[email protected] https://www.debian.org/security/ Sebastien Delafond October 06, 2019
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : jackson-databind
CVE ID : CVE-2019-12384 CVE-2019-14439 CVE-2019-14540 CVE-2019-16335
CVE-2019-16942 CVE-2019-16943
Debian Bug : 941530 940498 933393 930750
It was discovered that jackson-databind, a Java library used to parse
JSON and other data formats, did not properly validate user input
before attempting deserialization. This allowed an attacker providing maliciously crafted input to perform code execution, or read arbitrary
files on the server.
For the oldstable distribution (stretch), these problems have been fixed
in version 2.8.6-1+deb9u6.
For the stable distribution (buster), these problems have been fixed in
version 2.9.8-3+deb10u1.
We recommend that you upgrade your jackson-databind packages.
For the detailed security status of jackson-databind please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jackson-databind
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
[email protected]
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl2ZpPgACgkQEL6Jg/PV nWTg1QgArRk3fUf/k14rPha6GlJnWtRu2tZli07NzxtebAI2Ra8vKHkv1F3xSBjx tnauaRmJXonoU7t1TU51O/F7xkxX10NXym3YyrJ4+5ac6OtGmstSkMW1CmEiS8Z7 RaQQqY8GTJe5VTjiPon+lvdxyoFIDbp3nUGj8sshrULtKQX3Bjc9dotXyu0M3/7o QjsFAOLpytx/nMS1O93rqHuO381plbaAi5EYgAPv737tV8lVH3li56FYTKRMVjEg BkBpkaDGWhqoYvTu4WviyCyon0V5PgtHuD8SkN/39QqiYoDCzfa0xPjZ3a44G0kR C6qF8E4WIw465wLrRLCuuybG6/ZrzA==
=Gifd
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)