Updated jackson-databind packages fix security vulnerability
Publication date: 16 Nov 2017Modification date: 16 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-15095
Description
An unsafe deserialization vulnerability was found due to incomplete blacklisting of the unsafe elements, due to an incomplete fix for CVE-2017-7525 (CVE-2017-15095).
References
SRPMS
5/core
- jackson-databind-2.4.3-4.2.mga5
6/core
- jackson-databind-2.7.6-1.2.mga6