Debian Security Advisory 4542-1

Debian Security Advisory 4542-1: Posted Oct 7, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4542-1 - It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker providing maliciously crafted input to perform code execution, or read arbitrary files on the server.; tags | advisory, java, arbitrary, code execution; systems | linux, debian; advisories | CVE-2019-12384, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943; SHA-256 | 3b0c7bdc4a347077c77854e783302a4d041ee2eb869b09d42d5f6680628b4bf5; Download | Favorite | View

Debian Security Advisory 4542-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4542-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
October 06, 2019                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jackson-databind
CVE ID         : CVE-2019-12384 CVE-2019-14439 CVE-2019-14540 CVE-2019-16335 
                 CVE-2019-16942 CVE-2019-16943
Debian Bug     : 941530 940498 933393 930750

It was discovered that jackson-databind, a Java library used to parse
JSON and other data formats, did not properly validate user input
before attempting deserialization. This allowed an attacker providing
maliciously crafted input to perform code execution, or read arbitrary
files on the server.

For the oldstable distribution (stretch), these problems have been fixed
in version 2.8.6-1+deb9u6.

For the stable distribution (buster), these problems have been fixed in
version 2.9.8-3+deb10u1.

We recommend that you upgrade your jackson-databind packages.

For the detailed security status of jackson-databind please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jackson-databind

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl2ZpPgACgkQEL6Jg/PV
nWTg1QgArRk3fUf/k14rPha6GlJnWtRu2tZli07NzxtebAI2Ra8vKHkv1F3xSBjx
tnauaRmJXonoU7t1TU51O/F7xkxX10NXym3YyrJ4+5ac6OtGmstSkMW1CmEiS8Z7
RaQQqY8GTJe5VTjiPon+lvdxyoFIDbp3nUGj8sshrULtKQX3Bjc9dotXyu0M3/7o
QjsFAOLpytx/nMS1O93rqHuO381plbaAi5EYgAPv737tV8lVH3li56FYTKRMVjEg
BkBpkaDGWhqoYvTu4WviyCyon0V5PgtHuD8SkN/39QqiYoDCzfa0xPjZ3a44G0kR
C6qF8E4WIw465wLrRLCuuybG6/ZrzA==
=Gifd
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 248 files
Ubuntu 87 files
Gentoo 31 files
Debian 19 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
jheysel-r7 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,080)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,409)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,312)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,667)
UNIX (9,427)
UnixWare (187)
Windows (6,666)
Other

Debian Security Advisory 4542-1

Debian Security Advisory 4542-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4542-1

Share This

Debian Security Advisory 4542-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems