Debian has released a security update for the jackson-databind package.
This release fixes around 11 vulnerabilities in the jackson-databind package.
Date Reported: 24-May-2019
Fix Released On: N/A
Severity Level: N/A
Affected Packages: jackson-databind
Affected Operating System & Version:
- Debian 8 (Jessie)
- Debian 9 (Stretch)
Details:
Multiple security issues were found in jackson-databind, a Java library to parse JSON and other data formats, which could result in information disclosure or the execution of arbitrary code.
It’s recommended to update the jackson-databind package ASAP.
For more details about the security issues, and other related information, refer to the CVE pages.
Debian Security Advisory References:
Security Database References (CVE):
- CVE-2018-11307
- CVE-2018-12022
- CVE-2018-12023
- CVE-2018-14718
- CVE-2018-14719
- CVE-2018-14720
- CVE-2018-14721
- CVE-2018-19360
- CVE-2018-19361
- CVE-2018-19362
- CVE-2019-12086
Solution:
- These issues have been fixed on Debian 9 (Stretch) in version 2.8.6-1+deb9u5.
- These issues have been fixed on Debian 8 (Jessie) in version 2.4.2-2+deb8u6.
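Run the following command to install the above updates. Note that jackson-databind is the Debian source package name; the binary package that apt installs is libjackson2-databind-java.
sudo apt install --only-upgrade libjackson2-databind-java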