Commit 6f7800b4 authored by Lev Lamberov

[SECURITY] [DSA 4542-1] jackson-databind security update

parent a056d6f8
<define-tag pagetitle>DSA-4542-1 jackson-databind</define-tag>
<define-tag report_date>2019-10-06</define-tag>
<define-tag secrefs>CVE-2019-12384 CVE-2019-14439 CVE-2019-14540 CVE-2019-16335 CVE-2019-16942 CVE-2019-16943 Bug#941530 Bug#940498 Bug#933393 Bug#930750</define-tag>
<define-tag packages>jackson-databind</define-tag>
<define-tag isvulnerable>yes</define-tag>
<define-tag fixed>yes</define-tag>
<define-tag fixed-section>no</define-tag>
#use wml::debian::security
</dl>
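Review bot: the closing `</dl>` on the last line of this file has no opening `<dl>` in the visible lines, and it sits after the `#use wml::debian::security` line. If the opening tag is emitted by the included template, a one-line `#` comment saying so would keep a later editor from deleting it as stray markup; if it is not, the tag should be removed.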
<define-tag description>security update</define-tag>
<define-tag moreinfo>
<p>It was discovered that jackson-databind, a Java library used to parse
JSON and other data formats, did not properly validate user input
before attempting deserialization. This allowed an attacker providing
maliciously crafted input to perform code execution, or read arbitrary
files on the server.</p>
<p>For the oldstable distribution (stretch), these problems have been fixed
in version 2.8.6-1+deb9u6.</p>
<p>For the stable distribution (buster), these problems have been fixed in
version 2.9.8-3+deb10u1.</p>
<p>We recommend that you upgrade your jackson-databind packages.</p>
<p>For the detailed security status of jackson-databind please refer to
its security tracker page at:
<a href="https://security-tracker.debian.org/tracker/jackson-databind">\
https://security-tracker.debian.org/tracker/jackson-databind</a></p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2019/dsa-4542.data"
# $Id: $
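Review bot: the first paragraph of moreinfo folds two different impacts (code execution, reading arbitrary files) into one sentence, so a reader triaging exposure cannot tell which impact belongs to which of the referenced issues. Consider a short list that names each CVE id with its impact, or at least a sentence saying whether both impacts apply to all of them. Separately, `# $Id: $` on the last line is an empty keyword; drop it if nothing in the build expands it.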