Synopsis
Important: devtoolset-4-jackson-databind security update
Type/Severity
Security Advisory: Important
Topic
An update for devtoolset-4-jackson-databind is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of the Jackson core streaming API.
Security Fix(es):
- A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting this issue.
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 6 x86_64
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6 x86_64
Fixes
- BZ - 1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
Note: More recent versions of these packages may be available.
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7
SRPM
devtoolset-4-jackson-databind-2.5.0-2.4.el7.src.rpm | SHA-256: 759c97f07d68b86ddead80d77d1ac20a50b961f4d687674a6447a30329d88eb8
x86_64
devtoolset-4-jackson-databind-2.5.0-2.4.el7.noarch.rpm | SHA-256: e5a49c3df0857f13aa28a7e32a651254342f92b5a6250b67dfaa9bc5088b982e
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el7.noarch.rpm | SHA-256: 3f61a105f2252584b0db4fa2d93a76129fd75c3d563b3d690d82ef6769de4c80
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6
SRPM
devtoolset-4-jackson-databind-2.5.0-2.4.el7.src.rpm | SHA-256: 759c97f07d68b86ddead80d77d1ac20a50b961f4d687674a6447a30329d88eb8
x86_64
devtoolset-4-jackson-databind-2.5.0-2.4.el7.noarch.rpm | SHA-256: e5a49c3df0857f13aa28a7e32a651254342f92b5a6250b67dfaa9bc5088b982e
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el7.noarch.rpm | SHA-256: 3f61a105f2252584b0db4fa2d93a76129fd75c3d563b3d690d82ef6769de4c80
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5
SRPM
devtoolset-4-jackson-databind-2.5.0-2.4.el7.src.rpm | SHA-256: 759c97f07d68b86ddead80d77d1ac20a50b961f4d687674a6447a30329d88eb8
x86_64
devtoolset-4-jackson-databind-2.5.0-2.4.el7.noarch.rpm | SHA-256: e5a49c3df0857f13aa28a7e32a651254342f92b5a6250b67dfaa9bc5088b982e
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el7.noarch.rpm | SHA-256: 3f61a105f2252584b0db4fa2d93a76129fd75c3d563b3d690d82ef6769de4c80
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4
SRPM
devtoolset-4-jackson-databind-2.5.0-2.4.el7.src.rpm | SHA-256: 759c97f07d68b86ddead80d77d1ac20a50b961f4d687674a6447a30329d88eb8
x86_64
devtoolset-4-jackson-databind-2.5.0-2.4.el7.noarch.rpm | SHA-256: e5a49c3df0857f13aa28a7e32a651254342f92b5a6250b67dfaa9bc5088b982e
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el7.noarch.rpm | SHA-256: 3f61a105f2252584b0db4fa2d93a76129fd75c3d563b3d690d82ef6769de4c80
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3
SRPM
devtoolset-4-jackson-databind-2.5.0-2.4.el7.src.rpm | SHA-256: 759c97f07d68b86ddead80d77d1ac20a50b961f4d687674a6447a30329d88eb8
x86_64
devtoolset-4-jackson-databind-2.5.0-2.4.el7.noarch.rpm | SHA-256: e5a49c3df0857f13aa28a7e32a651254342f92b5a6250b67dfaa9bc5088b982e
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el7.noarch.rpm | SHA-256: 3f61a105f2252584b0db4fa2d93a76129fd75c3d563b3d690d82ef6769de4c80
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7
SRPM
devtoolset-4-jackson-databind-2.5.0-2.4.el7.src.rpm | SHA-256: 759c97f07d68b86ddead80d77d1ac20a50b961f4d687674a6447a30329d88eb8
x86_64
devtoolset-4-jackson-databind-2.5.0-2.4.el7.noarch.rpm | SHA-256: e5a49c3df0857f13aa28a7e32a651254342f92b5a6250b67dfaa9bc5088b982e
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el7.noarch.rpm | SHA-256: 3f61a105f2252584b0db4fa2d93a76129fd75c3d563b3d690d82ef6769de4c80
Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7
SRPM
devtoolset-4-jackson-databind-2.5.0-2.4.el6.src.rpm | SHA-256: bd9e31aa715f292ef5bede3149ed9a0dc1e234967168a1ca56d34018fb4fbe49
x86_64
devtoolset-4-jackson-databind-2.5.0-2.4.el6.noarch.rpm | SHA-256: 0c69501d0f8a5b8da1a9ca8ee00513bd173150f327afadda7c1c613977f393a0
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el6.noarch.rpm | SHA-256: 331ea0627587577cf6f714d19b13afa599a189f1fe94944272d75d1a10815ddd
Red Hat Software Collections (for RHEL Server) 1 for RHEL 6
SRPM
devtoolset-4-jackson-databind-2.5.0-2.4.el6.src.rpm | SHA-256: bd9e31aa715f292ef5bede3149ed9a0dc1e234967168a1ca56d34018fb4fbe49
x86_64
devtoolset-4-jackson-databind-2.5.0-2.4.el6.noarch.rpm | SHA-256: 0c69501d0f8a5b8da1a9ca8ee00513bd173150f327afadda7c1c613977f393a0
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el6.noarch.rpm | SHA-256: 331ea0627587577cf6f714d19b13afa599a189f1fe94944272d75d1a10815ddd
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7
SRPM
devtoolset-4-jackson-databind-2.5.0-2.4.el7.src.rpm | SHA-256: 759c97f07d68b86ddead80d77d1ac20a50b961f4d687674a6447a30329d88eb8
x86_64
devtoolset-4-jackson-databind-2.5.0-2.4.el7.noarch.rpm | SHA-256: e5a49c3df0857f13aa28a7e32a651254342f92b5a6250b67dfaa9bc5088b982e
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el7.noarch.rpm | SHA-256: 3f61a105f2252584b0db4fa2d93a76129fd75c3d563b3d690d82ef6769de4c80
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6
SRPM
devtoolset-4-jackson-databind-2.5.0-2.4.el6.src.rpm | SHA-256: bd9e31aa715f292ef5bede3149ed9a0dc1e234967168a1ca56d34018fb4fbe49
x86_64
devtoolset-4-jackson-databind-2.5.0-2.4.el6.noarch.rpm | SHA-256: 0c69501d0f8a5b8da1a9ca8ee00513bd173150f327afadda7c1c613977f393a0
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el6.noarch.rpm | SHA-256: 331ea0627587577cf6f714d19b13afa599a189f1fe94944272d75d1a10815ddd