[ALSA-2020:1644] Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2020-04-28
Description:
The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fix(es): * jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig (CVE-2019-14540) * jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource (CVE-2019-16335) * jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* (CVE-2019-16942) * jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource (CVE-2019-16943) * jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* (CVE-2019-17531) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages:
  • xmlstreambuffer-1.5.4-8.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • jakarta-commons-httpclient-3.1-28.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • glassfish-jaxb-txw2-2.2.11-11.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • slf4j-1.7.25-4.module_el8.6.0+2752+f1f3449e.noarch.rpm
  • jackson-jaxrs-json-provider-2.9.9-1.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • relaxngDatatype-2011.1-7.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • apache-commons-collections-3.2.2-10.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • javassist-3.18.1-8.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • jackson-annotations-2.10.0-1.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • xml-commons-resolver-1.2-26.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • xerces-j2-2.11.0-34.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • velocity-1.7-24.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • xalan-j2-2.7.1-38.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • slf4j-jdk14-1.7.25-4.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • jackson-databind-2.10.0-1.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • python-nss-doc-1.0.1-10.module_el8.5.0+2577+9e95fe00.alma.aarch64.rpm
  • jackson-jaxrs-providers-2.9.9-1.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • bea-stax-api-1.2.0-16.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • xml-commons-apis-1.4.01-25.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • glassfish-jaxb-runtime-2.2.11-11.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • jackson-core-2.10.0-1.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • python3-nss-1.0.1-10.module_el8.5.0+2577+9e95fe00.alma.aarch64.rpm
  • glassfish-fastinfoset-1.2.13-9.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • glassfish-jaxb-api-2.2.12-8.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • slf4j-1.7.25-4.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • apache-commons-lang-2.6-21.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • javassist-javadoc-3.18.1-8.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • xsom-0-19.20110809svn.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • stax-ex-1.7.7-8.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • glassfish-jaxb-core-2.2.11-11.module_el8.5.0+2577+9e95fe00.noarch.rpm
  • jackson-module-jaxb-annotations-2.7.6-4.module_el8.5.0+2577+9e95fe00.noarch.rpm
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.