Login
Newsletter
Werbung

Sicherheit: Mangelnde Eingabeprüfung in jackson-databind
Aktuelle Meldungen Distributionen
Name: Mangelnde Eingabeprüfung in jackson-databind
ID: RHSA-2018:2088-01
Distribution: Red Hat
Plattformen: Red Hat JBoss Enterprise Application Platform
Datum: Mi, 27. Juni 2018, 18:39
Referenzen: https://access.redhat.com/security/cve/CVE-2018-7489
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.1
Applikationen: jackson-databind

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform
7.1.3 security update
Advisory ID: RHSA-2018:2088-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2088
Issue date: 2018-06-27
CVE Names: CVE-2018-7489
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application
Platform 7.1.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 7.1.3 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.2,
and includes bug fixes and enhancements, which are documented in the
Release Notes. The Release Notes for JBoss Enterprise Application Platform
can be found on the Product Documentation page, linked in References.

Security Fix(es):

* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe
serialization via c3p0 libraries (CVE-2018-7489)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1549276 - CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525
permits unsafe serialization via c3p0 libraries

5. References:

https://access.redhat.com/security/cve/CVE-2018-7489
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.1
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1/

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWzOg1tzjgjWX9erEAQh52w//eJuT8AJiRnIg9CGPPTSEtn7LcGhBjyZd
q5UonOvGPeWqE4/m4D3hQLUSQfQiiOKnrBA1aymoapKV2AUuJ9hR7Xx5EC4mROb5
H5tGwLU2VMZWOm2Z1xA1u3lVzAnlizBRFvpH9zNxD+q5o9Fkrajk4u9y247FaWXe
yHvw0WXyia3ZQB7igyGNewnCggtsMogVlKQHWjD2vPBIJqxV5dbiXAuoPVf2aqym
nAOwdGovth5ZrZDb6oKQ8Mpz74PNQkqLV7SIii6yEwPrXOxQv4z+lLLLdivaDua7
ZBOOz7H7hdYbGNTeIq9eHkdPcoeUZMcexN/JgFJuSpQHDzBNMpqNnyrsVjWjPPto
+wpdtcy+DYq+EYIFJSamvWlvvMqtx5vpZp+qGKjQChgNGZT7VcvFFJJo0VWj2WOJ
hf6GOOH4cThCWKWkXwuqbBEzPgSj0O24irpSgZLNkihGFBnIB8GUc6PsTkxO/ix4
o9euDT/psSvt+2L2z0hBcMFpLg3KklQktFcWwLZGc6GYryYidf2Xt2dgzV9cLMJj
aOtnkisrcYp7NIzFlubKdCs0/gWeNkg6siXili+sTnEw8DKCmj6m2t4I9i21SWyB
EMe2VaPJUAVTxWejhCg5sOoiN4CFlysHly/MigERRowlPjF85zwYhlO10taT+BN3
aDJEkpt4SMk=
=uCL2
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung