• Update jackson-databind to version 2.9.9.3.
• Update jackson-core to version 2.9.9.
• Update jackson-annotations to version 2.9.9.
• Update jackson-bom to version 2.9.9.

Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-2019-14439.

How to install

sudo dnf upgrade --advisory=FEDORA-2019-fb23eccc03
This update has been submitted for testing by decathorpe. 2 months ago
This update's test gating status has been changed to 'waiting'. 2 months ago
This update's test gating status has been changed to 'ignored'. 2 months ago
This update has been pushed to testing. 2 months ago
decathorpe edited this update. 2 months ago
This update can be pushed to stable now if the maintainer wishes 2 months ago
This update has been submitted for stable by bodhi. 2 months ago
This update has been pushed to stable. 2 months ago


Metadata
Type: security
Severity: high
Karma: 0
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days

Dates
submitted: 2 months ago
in testing: 2 months ago
in stable: 2 months ago
modified: 2 months ago

BZ#1713469 CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. [fedora-all]
BZ#1725796 CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. [fedora-all]
BZ#1725808 CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution [fedora-all]
BZ#1737518 CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution [fedora-all]
BZ#1752964 CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI [fedora-all]
