Advisories » MGASA-2017-0255

Updated jackson-databind packages fix security vulnerability

Publication date: 11 Aug 2017
Modification date: 11 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-7525

Description

A deserialization flaw was discovered in the jackson-databind which
could allow an unauthenticated user to perform code execution by sending
the maliciously crafted input to the readValue method of the
ObjectMapper (CVE-2017-7525).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21428
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CZTM7JEB4G74ZPXYZSQCSH3SC64D2MJF/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525

SRPMS

6/core

• jackson-databind-2.7.6-1.1.mga6

5/core

• jackson-databind-2.4.3-4.1.mga5