RHSA-2020:1644-01 -- Redhat apache-commons-collections, apache-commons-lang, bea-stax, glassfish-fastinfoset, glassfish-jaxb, glassfish-jaxb-api, jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, jackson-module-jaxb-annotations, jakarta-commons-httpclient, javassist, jss, ldapjdk, pki-core, pki-servlet-engine, python-nss, relaxngDatatype, resteasy, slf4j, stax-ex, tomcatjss, velocity, xalan-j2, xerces-j2, xml-commons-apis, xml-commons-resolver, xmlstreambuffer, xsom-0
The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig * jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource * jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* * jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource * jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the CentOS 8.2 Release Notes linked from the References section.
|
 |
30479 |
 |
423868 |
 |
250038 |
 |
909 |
 |
195843 |
 |
282 |
