Updated jackson-databind packages fix security vulnerabilityPublication date: 24 Feb 2018
Affected Mageia releases : 6
CVE: CVE-2017-17485 , CVE-2018-5968
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper (CVE-2017-17485). A flaw was found in FasterXML jackson-databind which allows unauthenticated remote code execution due deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist (CVE-2018-5968).