Synopsis
Important: rh-maven35-jackson-databind security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
Security Fix(es):
- jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
-
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
-
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7 s390x
-
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7 ppc64le
-
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6 x86_64
-
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.6 s390x
-
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.6 ppc64le
-
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
-
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
-
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
-
Red Hat Software Collections (for RHEL Server for ARM) 1 aarch64
-
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
Fixes
-
BZ - 1887664
- CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7
SRPM |
rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
|
SHA-256: 5c32d823c03e3667f9eae7311644e1437332283827839c108d8f167569b0c32a |
x86_64 |
rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 59cb01ac5a2e9579948d3e2fb8fe6534ac9542ec9668d0b738144238f7edd39c |
rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 6e89a4940ef1161d873f0bec786e9c0f6ca34946591e52fd2f8448bf7c38536c |
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7
SRPM |
rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
|
SHA-256: 5c32d823c03e3667f9eae7311644e1437332283827839c108d8f167569b0c32a |
s390x |
rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 59cb01ac5a2e9579948d3e2fb8fe6534ac9542ec9668d0b738144238f7edd39c |
rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 6e89a4940ef1161d873f0bec786e9c0f6ca34946591e52fd2f8448bf7c38536c |
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7
SRPM |
rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
|
SHA-256: 5c32d823c03e3667f9eae7311644e1437332283827839c108d8f167569b0c32a |
ppc64le |
rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 59cb01ac5a2e9579948d3e2fb8fe6534ac9542ec9668d0b738144238f7edd39c |
rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 6e89a4940ef1161d873f0bec786e9c0f6ca34946591e52fd2f8448bf7c38536c |
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6
SRPM |
rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
|
SHA-256: 5c32d823c03e3667f9eae7311644e1437332283827839c108d8f167569b0c32a |
x86_64 |
rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 59cb01ac5a2e9579948d3e2fb8fe6534ac9542ec9668d0b738144238f7edd39c |
rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 6e89a4940ef1161d873f0bec786e9c0f6ca34946591e52fd2f8448bf7c38536c |
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.6
SRPM |
rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
|
SHA-256: 5c32d823c03e3667f9eae7311644e1437332283827839c108d8f167569b0c32a |
s390x |
rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 59cb01ac5a2e9579948d3e2fb8fe6534ac9542ec9668d0b738144238f7edd39c |
rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 6e89a4940ef1161d873f0bec786e9c0f6ca34946591e52fd2f8448bf7c38536c |
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.6
SRPM |
rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
|
SHA-256: 5c32d823c03e3667f9eae7311644e1437332283827839c108d8f167569b0c32a |
ppc64le |
rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 59cb01ac5a2e9579948d3e2fb8fe6534ac9542ec9668d0b738144238f7edd39c |
rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 6e89a4940ef1161d873f0bec786e9c0f6ca34946591e52fd2f8448bf7c38536c |
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7
SRPM |
rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
|
SHA-256: 5c32d823c03e3667f9eae7311644e1437332283827839c108d8f167569b0c32a |
x86_64 |
rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 59cb01ac5a2e9579948d3e2fb8fe6534ac9542ec9668d0b738144238f7edd39c |
rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 6e89a4940ef1161d873f0bec786e9c0f6ca34946591e52fd2f8448bf7c38536c |
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7
SRPM |
rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
|
SHA-256: 5c32d823c03e3667f9eae7311644e1437332283827839c108d8f167569b0c32a |
s390x |
rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 59cb01ac5a2e9579948d3e2fb8fe6534ac9542ec9668d0b738144238f7edd39c |
rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 59cb01ac5a2e9579948d3e2fb8fe6534ac9542ec9668d0b738144238f7edd39c |
rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 6e89a4940ef1161d873f0bec786e9c0f6ca34946591e52fd2f8448bf7c38536c |
rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 6e89a4940ef1161d873f0bec786e9c0f6ca34946591e52fd2f8448bf7c38536c |
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7
SRPM |
rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
|
SHA-256: 5c32d823c03e3667f9eae7311644e1437332283827839c108d8f167569b0c32a |
ppc64le |
rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 59cb01ac5a2e9579948d3e2fb8fe6534ac9542ec9668d0b738144238f7edd39c |
rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 59cb01ac5a2e9579948d3e2fb8fe6534ac9542ec9668d0b738144238f7edd39c |
rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 6e89a4940ef1161d873f0bec786e9c0f6ca34946591e52fd2f8448bf7c38536c |
rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 6e89a4940ef1161d873f0bec786e9c0f6ca34946591e52fd2f8448bf7c38536c |
Red Hat Software Collections (for RHEL Server for ARM) 1
SRPM |
rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
|
SHA-256: 5c32d823c03e3667f9eae7311644e1437332283827839c108d8f167569b0c32a |
aarch64 |
rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 59cb01ac5a2e9579948d3e2fb8fe6534ac9542ec9668d0b738144238f7edd39c |
rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 6e89a4940ef1161d873f0bec786e9c0f6ca34946591e52fd2f8448bf7c38536c |
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7
SRPM |
rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
|
SHA-256: 5c32d823c03e3667f9eae7311644e1437332283827839c108d8f167569b0c32a |
x86_64 |
rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 59cb01ac5a2e9579948d3e2fb8fe6534ac9542ec9668d0b738144238f7edd39c |
rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
|
SHA-256: 6e89a4940ef1161d873f0bec786e9c0f6ca34946591e52fd2f8448bf7c38536c |