
[SECURITY] [DLA 2111-1] jackson-databind security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : jackson-databind
Version        : 2.4.2-2+deb8u11
CVE ID         : CVE-2019-20330 CVE-2020-8840

It was found that jackson-databind, a Java library used to parse JSON and
other data formats, could deserialize data without proper validation,
allowing a malicious client to perform remote code execution on a
service with the required characteristics.

For Debian 8 "Jessie", these problems have been fixed in version
2.4.2-2+deb8u11.

We recommend that you upgrade your jackson-databind packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

