stable

bouncycastle-1.61-1.fc29, eclipse-jgit-5.2.0-4.fc29, & 15 more

FEDORA-2019-df57551f6d created by mbooth 5 years ago for Fedora 29

Fixes CVE-2018-14718 CVE-2018-14719 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2018-12022 CVE-2018-12023 CVE-2018-14720 CVE-2018-14721 and CVE-2016-7051.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2019-df57551f6d

This update has been submitted for testing by mbooth.

5 years ago

mbooth edited this update.

5 years ago

mbooth edited this update.

5 years ago

This update has been pushed to testing.

5 years ago
User Icon besser82 commented & provided feedback 5 years ago
karma

Works great! LGTM! =)

User Icon lewassec commented & provided feedback 5 years ago

fyi

typo in CVE-2018-147189, should be CVE-2018-14719

cheers

mbooth edited this update.

5 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

5 years ago

This update has been submitted for batched by mbooth.

5 years ago

This update has been submitted for stable by bodhi.

5 years ago

This update has been pushed to stable.

5 years ago

Please login to add feedback.

BZ#1380206 CVE-2016-7051 jackson-dataformat-xml: XmlMapper is vulnerable to SSRF attack [fedora-all]
0
0
BZ#1555900 jackson-datatype-jdk8: FTBFS in F28
0
0
BZ#1604397 jackson-datatype-jdk8: FTBFS in Fedora rawhide
0
0
BZ#1666416 CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class [fedora-all]
0
0
BZ#1666419 CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes [fedora-all]
0
0
BZ#1666424 CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes [fedora-all]
0
0
BZ#1666429 CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class [fedora-all]
0
0
BZ#1666483 CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class [fedora-all]
0
0
BZ#1666486 CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class [fedora-all]
0
0
BZ#1666490 CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class [fedora-all]
0
0
BZ#1667118 CVE-2018-1000873 jackson-datatype-jsr310: jackson-modules-java8: DoS due to an Improper Input Validation [fedora-all]
0
0
BZ#1671098 CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library [fedora-all]
0
0
BZ#1671099 CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver [fedora-all]
0
0
BZ#1672925 bouncycastle-1.61 is available
0
0

Automated Test Results