You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa jackson

Sigurnosni nedostaci programskog paketa jackson

by - 0

——————————————————————————–
Fedora Update Notification
FEDORA-2019-fb23eccc03
2019-09-22 03:19:44.980980
——————————————————————————–

Name : jackson-databind
Product : Fedora 29
Version : 2.9.9.3
Release : 1.fc29
URL : https://github.com/FasterXML/jackson-databind/
Summary : General data-binding package for Jackson (2.x)
Description :
The general-purpose data-binding functionality and tree-model for Jackson Data
Processor. It builds on core streaming parser/generator package, and uses
Jackson Annotations for configuration.

——————————————————————————–
Update Information:

– Update jackson-databind to version 2.9.9.3. – Update jackson-core to version
2.9.9. – Update jackson-annotations to version 2.9.9. – Update jackson-bom to
version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
CVE-2019-14379, and CVE-2019-14439.
——————————————————————————–
ChangeLog:

* Thu Sep 12 2019 Alexander Scheel <ascheel@redhat.com> – 2.9.9.3-1
– Update to latest upstream release; fixes CVE-2019-12384
* Wed Feb 6 2019 Mat Booth <mat.booth@redhat.com> – 2.9.8-1
– Update to latest upstream release, fixes CVE-2018-14718 CVE-2018-147189
CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2018-12022 CVE-2018-12023
CVE-2018-14720 CVE-2018-14721
* Fri Feb 1 2019 Fedora Release Engineering <releng@fedoraproject.org> – 2.9.4-5
– Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
——————————————————————————–
References:

[ 1 ] Bug #1737518 – CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1737518
[ 2 ] Bug #1725808 – CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725808
[ 3 ] Bug #1725796 – CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725796
[ 4 ] Bug #1713469 – CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1713469
[ 5 ] Bug #1752964 – CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1752964
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-fb23eccc03’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2019-fb23eccc03
2019-09-22 03:19:44.980980
——————————————————————————–

Name : jackson-core
Product : Fedora 29
Version : 2.9.9
Release : 1.fc29
URL : https://github.com/FasterXML/jackson-core/
Summary : Core part of Jackson
Description :
Core part of Jackson that defines Streaming API as well
as basic shared abstractions.

——————————————————————————–
Update Information:

– Update jackson-databind to version 2.9.9.3. – Update jackson-core to version
2.9.9. – Update jackson-annotations to version 2.9.9. – Update jackson-bom to
version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
CVE-2019-14379, and CVE-14439.
——————————————————————————–
ChangeLog:

* Thu Sep 12 2019 Alexander Scheel <ascheel@redhat.com> – 2.9.9-1
– Update to latest upstream release
* Wed Feb 6 2019 Mat Booth <mat.booth@redhat.com> – 2.9.8-1
– Update to latest upstream release
* Fri Feb 1 2019 Fedora Release Engineering <releng@fedoraproject.org> – 2.9.4-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
——————————————————————————–
References:

[ 1 ] Bug #1737518 – CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1737518
[ 2 ] Bug #1725808 – CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725808
[ 3 ] Bug #1725796 – CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725796
[ 4 ] Bug #1713469 – CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1713469
[ 5 ] Bug #1752964 – CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1752964
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-fb23eccc03’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2019-fb23eccc03
2019-09-22 03:19:44.980980
——————————————————————————–

Name : jackson-bom
Product : Fedora 29
Version : 2.9.9
Release : 1.fc29
URL : https://github.com/FasterXML/jackson-bom
Summary : Bill of materials POM for Jackson projects
Description :
A “bill of materials” POM for Jackson dependencies.

——————————————————————————–
Update Information:

– Update jackson-databind to version 2.9.9.3. – Update jackson-core to version
2.9.9. – Update jackson-annotations to version 2.9.9. – Update jackson-bom to
version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
CVE-2019-14379, and CVE-14439.
——————————————————————————–
ChangeLog:

* Thu Sep 12 2019 Alexander Scheel <ascheel@redhat.com> – 2.9.9-1
– Update to latest upstream release
* Wed Feb 6 2019 Mat Booth <mat.booth@redhat.com> – 2.9.8-1
– Update to latest upstream release
* Fri Feb 1 2019 Fedora Release Engineering <releng@fedoraproject.org> – 2.9.4-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
——————————————————————————–
References:

[ 1 ] Bug #1737518 – CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1737518
[ 2 ] Bug #1725808 – CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725808
[ 3 ] Bug #1725796 – CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725796
[ 4 ] Bug #1713469 – CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1713469
[ 5 ] Bug #1752964 – CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1752964
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-fb23eccc03’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2019-fb23eccc03
2019-09-22 03:19:44.980980
——————————————————————————–

Name : jackson-annotations
Product : Fedora 29
Version : 2.9.9
Release : 1.fc29
URL : https://github.com/FasterXML/jackson-annotations/
Summary : Core annotations for Jackson data processor
Description :
Core annotations used for value types,
used by Jackson data-binding package.

——————————————————————————–
Update Information:

– Update jackson-databind to version 2.9.9.3. – Update jackson-core to version
2.9.9. – Update jackson-annotations to version 2.9.9. – Update jackson-bom to
version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
CVE-2019-14379, and CVE-14439.
——————————————————————————–
ChangeLog:

* Thu Sep 12 2019 Alexander Scheel <ascheel@redhat.com> – 2.9.9-1
– Update to latest upstream release
* Wed Feb 6 2019 Mat Booth <mat.booth@redhat.com> – 2.9.8-1
– Update to latest upstream release
* Fri Feb 1 2019 Fedora Release Engineering <releng@fedoraproject.org> – 2.9.4-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
——————————————————————————–
References:

[ 1 ] Bug #1737518 – CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1737518
[ 2 ] Bug #1725808 – CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725808
[ 3 ] Bug #1725796 – CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725796
[ 4 ] Bug #1713469 – CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1713469
[ 5 ] Bug #1752964 – CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1752964
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-fb23eccc03’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2019-ae6a703b8f
2019-09-22 02:25:03.365504
——————————————————————————–

Name : jackson-databind
Product : Fedora 30
Version : 2.9.9.3
Release : 1.fc30
URL : https://github.com/FasterXML/jackson-databind/
Summary : General data-binding package for Jackson (2.x)
Description :
The general-purpose data-binding functionality and tree-model for Jackson Data
Processor. It builds on core streaming parser/generator package, and uses
Jackson Annotations for configuration.

——————————————————————————–
Update Information:

– Update jackson-databind to version 2.9.9.3. – Update jackson-core to version
2.9.9. – Update jackson-annotations to version 2.9.9. – Update jackson-bom to
version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
CVE-2019-14379, and CVE-14439.
——————————————————————————–
ChangeLog:

* Thu Sep 12 2019 Alexander Scheel <ascheel@redhat.com> – 2.9.9.3-1
– Update to latest upstream release; fixes CVE-2019-12384
——————————————————————————–
References:

[ 1 ] Bug #1737518 – CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1737518
[ 2 ] Bug #1725808 – CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725808
[ 3 ] Bug #1725796 – CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725796
[ 4 ] Bug #1713469 – CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1713469
[ 5 ] Bug #1752964 – CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1752964
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-ae6a703b8f’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2019-ae6a703b8f
2019-09-22 02:25:03.365504
——————————————————————————–

Name : jackson-bom
Product : Fedora 30
Version : 2.9.9
Release : 1.fc30
URL : https://github.com/FasterXML/jackson-bom
Summary : Bill of materials POM for Jackson projects
Description :
A “bill of materials” POM for Jackson dependencies.

——————————————————————————–
Update Information:

– Update jackson-databind to version 2.9.9.3. – Update jackson-core to version
2.9.9. – Update jackson-annotations to version 2.9.9. – Update jackson-bom to
version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
CVE-2019-14379, and CVE-14439.
——————————————————————————–
ChangeLog:

* Thu Sep 12 2019 Alexander Scheel <ascheel@redhat.com> – 2.9.9-1
– Update to latest upstream release
——————————————————————————–
References:

[ 1 ] Bug #1737518 – CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1737518
[ 2 ] Bug #1725808 – CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725808
[ 3 ] Bug #1725796 – CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725796
[ 4 ] Bug #1713469 – CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1713469
[ 5 ] Bug #1752964 – CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1752964
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-ae6a703b8f’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2019-ae6a703b8f
2019-09-22 02:25:03.365504
——————————————————————————–

Name : jackson-core
Product : Fedora 30
Version : 2.9.9
Release : 1.fc30
URL : https://github.com/FasterXML/jackson-core/
Summary : Core part of Jackson
Description :
Core part of Jackson that defines Streaming API as well
as basic shared abstractions.

——————————————————————————–
Update Information:

– Update jackson-databind to version 2.9.9.3. – Update jackson-core to version
2.9.9. – Update jackson-annotations to version 2.9.9. – Update jackson-bom to
version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
CVE-2019-14379, and CVE-14439.
——————————————————————————–
ChangeLog:

* Thu Sep 12 2019 Alexander Scheel <ascheel@redhat.com> – 2.9.9-1
– Update to latest upstream release
——————————————————————————–
References:

[ 1 ] Bug #1737518 – CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1737518
[ 2 ] Bug #1725808 – CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725808
[ 3 ] Bug #1725796 – CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725796
[ 4 ] Bug #1713469 – CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1713469
[ 5 ] Bug #1752964 – CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1752964
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-ae6a703b8f’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2019-ae6a703b8f
2019-09-22 02:25:03.365504
——————————————————————————–

Name : jackson-annotations
Product : Fedora 30
Version : 2.9.9
Release : 1.fc30
URL : https://github.com/FasterXML/jackson-annotations/
Summary : Core annotations for Jackson data processor
Description :
Core annotations used for value types,
used by Jackson data-binding package.

——————————————————————————–
Update Information:

– Update jackson-databind to version 2.9.9.3. – Update jackson-core to version
2.9.9. – Update jackson-annotations to version 2.9.9. – Update jackson-bom to
version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
CVE-2019-14379, and CVE-14439.
——————————————————————————–
ChangeLog:

* Thu Sep 12 2019 Alexander Scheel <ascheel@redhat.com> – 2.9.9-1
– Update to latest upstream release
——————————————————————————–
References:

[ 1 ] Bug #1737518 – CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1737518
[ 2 ] Bug #1725808 – CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725808
[ 3 ] Bug #1725796 – CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725796
[ 4 ] Bug #1713469 – CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1713469
[ 5 ] Bug #1752964 – CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1752964
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-ae6a703b8f’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke expat

Otkriven je sigurnosni nedostatak programske biblioteke expat za operacijski sustav Debian. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja. Savjetuje...

Close