Debian has released security update for jackson-databind package.
This release fixes around 11 vulnerabilities against jackson-databind package.
Date Reported: 24-May-2019
Fix Released On: N/A
Severity Level: N/A
Affected Packages: jackson-databind
Affected Operating System & Version:
- Debian 8 (Jessie)
- Debian 9 (Stretch)
Multiple security issues were found in jackson-databind, a Java library to parse JSON and other data formats which could result in information disclosure or the execution of arbitrary code.
It’s recommended to update the jackson-databind package ASAP.
For more details about the security issues, and other related information, refer to the CVE pages.
Debian Security Advisory References:
Security Database References (CVE):
- These issue have been fixed on Debian 9 (Stretch) in version 2.8.6-1+deb9u5.
- These issue have been fixed on Debian 8 (Jessie) in version 2.4.2-2+deb8u6.
Run the following command to install the above updates.
sudo apt install --only-upgrade jackson-databind