-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : jackson-databind Version : 2.4.2-2+deb8u5 CVE ID : CVE-2018-11307 CVE-2018-12022 CVE-2018-12023 CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362
Several deserialization flaws were discovered in jackson-databind, a fast and powerful JSON library for Java, which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For Debian 8 "Jessie", these problems have been fixed in version 2.4.2-2+deb8u5. We recommend that you upgrade your jackson-databind packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlx9Fl9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRF4RAAkTCnHYNQr68Eh8EpRuha6rB2p/s2CF6RKFsaBMJL8wxm/HeNkdpVwtp9 Hns38nmiSdUAwUba7hKNGyj+v59+Je8VOWAPdPmSQJb3xLKNZdSUNL1y2fCtpkxS XJiiGXG9KaDxRoZNQiStujE7lP8yte9myudoc0NZ9f/JpqczyJo0NruLSY/rNGIw QXnprMpfSioKMj7+cgL0KVUNImpDtKRiqVq62NetV+Gc32CG+d2u0R/2hbfu20d+ gwh4/QooNk0Q4O2c7anNuoMc+jMyyai1f1tZftJqWaKHKE+33CJJssf5ITLeCj0U QeJ9fR6kkpHyHsxhQRQYx/ch5gj5d6BEyxmljanrkIw1SU+oy9R+SQBysBs6n2bt wfdL+ykvMjPIIjfqks3jTRhy1xPX9jEp7wFe/XbD8GHqXlLMgmH3lhp2vHiN1S3w yyRE+CNh6RViq4KvA4T0yjnHbrnu2F/yO1PPAdsaGqg6tDx9fGtqhlGFaCFyWUs+ f+Ee2akIE5K68e6OBPKBfepOa4Z0lCkFgxZic2TzUIt8meWDhdiDxC2f7KYmyPbE B7UDz7aHh0+Q1p78iiEfK/XU8P9ivSLsWp3nqr7Al1KobD4LHt3DTQ3mTM8FgL57 HMp7BNaCUoPiIb3otWXpE4fxPrHjahm9545JIfvxKoUyHXch+vY= =NoXV -----END PGP SIGNATURE-----