Advisories ยป MGASA-2017-0408

Updated jackson-databind packages fix security vulnerability

Publication date: 16 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-15095

Description

An unsafe deserialization vulnerability was found due to incomplete
blacklisting of the unsafe elements, due to an incomplete fix for
CVE-2017-7525 (CVE-2017-15095).
                

References

SRPMS

6/core

5/core