RHSA-2020:1644-01 -- Redhat apache-commons-collections, apache-commons-lang, bea-stax, glassfish-fastinfoset, glassfish-jaxb, glassfish-jaxb-api, jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, jackson-module-jaxb-annotations, jakarta-commons-httpclient, javassist, jss, ldapjdk, pki-core, pki-servlet-engine, python-nss, relaxngDatatype, resteasy, slf4j, stax-ex, tomcatjss, velocity, xalan-j2, xerces-j2, xml-commons-apis, xml-commons-resolver, xmlstreambuffer, xsom-0
ID: oval:org.secpod.oval:def:66836 | Date: (C)2020-11-09 (M)2023-09-20 |
Class: PATCH | Family: unix |
The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

Security Fix:
* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig
* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
* jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*
* jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource
* jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Additional Changes: For detailed information on changes in this release, see the CentOS 8.2 Release Notes linked from the References section.
Product: |
apache-commons-collections |
apache-commons-lang |
bea-stax |
glassfish-fastinfoset |
glassfish-jaxb |
glassfish-jaxb-api |
jackson-annotations |
jackson-core |
jackson-databind |
jackson-jaxrs-providers |
jackson-module-jaxb-annotations |
jakarta-commons-httpclient |
javassist |
jss |
ldapjdk |
pki-core |
pki-servlet-engine |
python-nss |
relaxngDatatype |
resteasy |
slf4j |
stax-ex |
tomcatjss |
velocity |
xalan-j2 |
xerces-j2 |
xml-commons-apis |
xml-commons-resolver |
xmlstreambuffer |
xsom-0 |