Fixes CVE-2018-14718, CVE-2018-14719, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2018-12022, CVE-2018-12023, CVE-2018-14720, CVE-2018-14721 and CVE-2016-7051.

How to install

sudo dnf upgrade --advisory=FEDORA-2019-df57551f6d

This update has been submitted for testing by mbooth.

a year ago

mbooth edited this update.

a year ago

mbooth edited this update.

a year ago

This update has been pushed to testing.

a year ago

besser82 commented & provided feedback a year ago

Works great! LGTM! =)

lewassec commented & provided feedback a year ago

fyi

typo in CVE-2018-147189, should be CVE-2018-14719

cheers

mbooth edited this update.

a year ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for batched by mbooth.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

BZ#1380206 CVE-2016-7051 jackson-dataformat-xml: XmlMapper is vulnerable to SSRF attack [fedora-all]
BZ#1555900 jackson-datatype-jdk8: FTBFS in F28
BZ#1604397 jackson-datatype-jdk8: FTBFS in Fedora rawhide
BZ#1666416 CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class [fedora-all]
BZ#1666419 CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes [fedora-all]
BZ#1666424 CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes [fedora-all]
BZ#1666429 CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class [fedora-all]
BZ#1666483 CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class [fedora-all]
BZ#1666486 CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class [fedora-all]
BZ#1666490 CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class [fedora-all]
BZ#1667118 CVE-2018-1000873 jackson-datatype-jsr310: jackson-modules-java8: DoS due to an Improper Input Validation [fedora-all]
BZ#1671098 CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library [fedora-all]
BZ#1671099 CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver [fedora-all]
BZ#1672925 bouncycastle-1.61 is available