-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-cf87377f5f 2019-10-26 17:17:38.267827 --------------------------------------------------------------------------------
Name : jackson-core Product : Fedora 31 Version : 2.10.0 Release : 1.fc31 URL : https://github.com/FasterXML/jackson-core Summary : Core part of Jackson Description : Core part of Jackson that defines Streaming API as well as basic shared abstractions.
-------------------------------------------------------------------------------- Update Information:
- Update jackson-parent to version 2.10. - Update jackson-bom to version 2.10.0. - Update jackson-annotations to version 2.10.0. - Update jackson-core to version 2.10.0. - Update jackson-databind to version 2.10.0. Resolves CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943. -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 3 2019 Alexander Scheel ascheel@redhat.com - 2.10.0-1 - Update to latest upstream release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1758193 - CVE-2019-16943 jackson-databind: Serialization gadgets in classes of the p6spy package [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1758193 [ 2 ] Bug #1758188 - CVE-2019-16942 jackson-databind: Serialization gadgets in classes of the commons-dbcp package [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1758188 [ 3 ] Bug #1758183 - jackson-databind: Serialization gadgets in classes of the xalan package [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1758183 [ 4 ] Bug #1758172 - jackson-databind: Serialization gadgets in classes of the commons-configuration package [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1758172 [ 5 ] Bug #1758168 - jackson-databind: Serialization gadgets in classes of the ehcache package [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1758168 [ 6 ] Bug #1755850 - CVE-2019-14540 jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1755850 [ 7 ] Bug #1755832 - CVE-2019-16335 jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1755832 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-cf87377f5f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------