FEDORA-2019-df57551f6d

security update in Fedora 29 for bouncycastle, eclipse-jgit, & 15 more

Status: stable 8 months ago

Fixes CVE-2018-14718 CVE-2018-14719 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2018-12022 CVE-2018-12023 CVE-2018-14720 CVE-2018-14721 and CVE-2016-7051.

How to install

sudo dnf upgrade --advisory=FEDORA-2019-df57551f6d

Comments 11

This update has been submitted for testing by mbooth.

mbooth edited this update.

mbooth edited this update.

This update has been pushed to testing.

Works great! LGTM! =)

karma: +1

fyi

typo in CVE-2018-147189, should be CVE-2018-14719

cheers

mbooth edited this update.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.

This update has been submitted for batched by mbooth.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: +1 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Enabled
Autopush (time): Disabled
Dates: submitted 8 months ago, in testing 8 months ago, in stable 8 months ago, modified 8 months ago

Related Bugs 14

#1380206 CVE-2016-7051 jackson-dataformat-xml: XmlMapper is vulnerable to SSRF attack [fedora-all]
#1555900 jackson-datatype-jdk8: FTBFS in F28
#1604397 jackson-datatype-jdk8: FTBFS in Fedora rawhide
#1666416 CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class [fedora-all]
#1666419 CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes [fedora-all]
#1666424 CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes [fedora-all]
#1666429 CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class [fedora-all]
#1666483 CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class [fedora-all]
#1666486 CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class [fedora-all]
#1666490 CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class [fedora-all]
#1667118 CVE-2018-1000873 jackson-datatype-jsr310: jackson-modules-java8: DoS due to an Improper Input Validation [fedora-all]
#1671098 CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library [fedora-all]
#1671099 CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver [fedora-all]
#1672925 bouncycastle-1.61 is available
