ALSA-2020:1644

[ALSA-2020:1644] Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2020-04-28

Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System.

Security Fix(es):

* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig (CVE-2019-14540)

* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)

* jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* (CVE-2019-16942)

* jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource (CVE-2019-16943)

* jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* (CVE-2019-17531)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	python-nss-doc-1.0.1-10.module_el8.5.0+2577+9e95fe00.alma.aarch64.rpm	61a26ea1c27f1ca3c6032b2f56d4060152e3e73a6ccb07181913a7ad380bad27
aarch64	python3-nss-1.0.1-10.module_el8.5.0+2577+9e95fe00.alma.aarch64.rpm	ae60fc0416f6002b600d429d0ec5f54876e7a259bd5ba480de5886d03b28e23d
noarch	xmlstreambuffer-1.5.4-8.module_el8.5.0+2577+9e95fe00.noarch.rpm	05648f42fce41f399dfe350b66a8b0e8f403b21ba77f3288ec612c6f7575b5ca
noarch	jakarta-commons-httpclient-3.1-28.module_el8.5.0+2577+9e95fe00.noarch.rpm	10bd8b35a7627089633a2b991411dbde04fc44bce205e99a070803b525ac27a8
noarch	glassfish-jaxb-txw2-2.2.11-11.module_el8.5.0+2577+9e95fe00.noarch.rpm	2848d3bd316ed4f5b46594f90449eabc1abed5974ccfd003173c4d22dbb62589
noarch	jackson-jaxrs-json-provider-2.9.9-1.module_el8.5.0+2577+9e95fe00.noarch.rpm	30a8de57049e022dbf76d851f988cf05b456a890d137584f0133db9a43f9ad9d
noarch	relaxngDatatype-2011.1-7.module_el8.5.0+2577+9e95fe00.noarch.rpm	33ef1dca728f64a392ffadafb9a0ca9d0b5d6ac4e6482b99206cda2c92c97d12
noarch	apache-commons-collections-3.2.2-10.module_el8.5.0+2577+9e95fe00.noarch.rpm	3cfda9d7dd99102c7b29705a732b41950cf92f90078f7555fc253989bc0782a0
noarch	javassist-3.18.1-8.module_el8.5.0+2577+9e95fe00.noarch.rpm	432ef2e90a105aa946ad452af5ad9f13004ac3a8ab7647254cad7a4dbd433554
noarch	jackson-annotations-2.10.0-1.module_el8.5.0+2577+9e95fe00.noarch.rpm	440df03175242d79601e8ddb93eb59d7c87ff487004b66cc62432bd042527d09
noarch	xml-commons-resolver-1.2-26.module_el8.5.0+2577+9e95fe00.noarch.rpm	4649adc067659e2a6078eb08f1686d9cbc2a8810277009d801b256853d83186b
noarch	xerces-j2-2.11.0-34.module_el8.5.0+2577+9e95fe00.noarch.rpm	553918f29e8ed7083f15f8f6b1630abb1d99dd32197a81f8aa15f6bedb2b30f4
noarch	velocity-1.7-24.module_el8.5.0+2577+9e95fe00.noarch.rpm	5a6eee4a0135a0538b924361376c7a22936d4c43dec3defb83eed5b3bb1e2897
noarch	xalan-j2-2.7.1-38.module_el8.5.0+2577+9e95fe00.noarch.rpm	5e01e9a7a21bd38e4949ec1366498734538cdb68e247e8d88bdaf0ef50802941
noarch	slf4j-jdk14-1.7.25-4.module_el8.5.0+2577+9e95fe00.noarch.rpm	5f436c322a1b3aad14621f8b6e6bec715184284b492c3ff60591f0d8bec3ffde
noarch	jackson-databind-2.10.0-1.module_el8.5.0+2577+9e95fe00.noarch.rpm	60a2804dc7c2660dd5cd314c6f9ee8c86500630c14351f06249401fcec72ac0e
noarch	jackson-jaxrs-providers-2.9.9-1.module_el8.5.0+2577+9e95fe00.noarch.rpm	6762f01d160578844b0199f2ab019101c0feb182d9cd5ce6eec75ef46869dde5
noarch	bea-stax-api-1.2.0-16.module_el8.5.0+2577+9e95fe00.noarch.rpm	6d944b415c59e5519365c59135ffef18839255c479277d2701d01e0500192256
noarch	xml-commons-apis-1.4.01-25.module_el8.5.0+2577+9e95fe00.noarch.rpm	8b391528f92eddaaf0a0dc3f634718c438659c3f97dd0d7d7131ce9d8090be64
noarch	glassfish-jaxb-runtime-2.2.11-11.module_el8.5.0+2577+9e95fe00.noarch.rpm	9686df16e5d697e4060189f8f12487883b69cacdf0f54670b6725b396f4c8262
noarch	jackson-core-2.10.0-1.module_el8.5.0+2577+9e95fe00.noarch.rpm	992a75a39a7ff26ad9ce05dec3c7c44e92368f1a33eda419de48fd6f969f4629
noarch	glassfish-fastinfoset-1.2.13-9.module_el8.5.0+2577+9e95fe00.noarch.rpm	b5cab09d52a8dc6754f3b7bc81d80d8dc4478417ca882c36785c2cc6a9253ce3
noarch	glassfish-jaxb-api-2.2.12-8.module_el8.5.0+2577+9e95fe00.noarch.rpm	beb7a887367ef8539a8eb20d5a62e1351577f84cc665b8f955d2cf96b5780024
noarch	slf4j-1.7.25-4.module_el8.5.0+2577+9e95fe00.noarch.rpm	c109b72a68915ed0cf53730c115d81ce088f19ac2582206dff3642c5076b3f17
noarch	apache-commons-lang-2.6-21.module_el8.5.0+2577+9e95fe00.noarch.rpm	c1cbb22cc5abd53350cd3fd27187e0c988d3872f91ec160039b3ad02565d2b50
noarch	javassist-javadoc-3.18.1-8.module_el8.5.0+2577+9e95fe00.noarch.rpm	d07761752107a818daea7ef556c2681fd35efa739687f7942f851ffc835dedb1
noarch	xsom-0-19.20110809svn.module_el8.5.0+2577+9e95fe00.noarch.rpm	d373cee4cbd659168ea847d6d2d6429859b6d8c9c41877d6d25a93b30cc2362a
noarch	stax-ex-1.7.7-8.module_el8.5.0+2577+9e95fe00.noarch.rpm	df93c43fcc001714d329e6035685b00548226c69384543a54f57a08a53a4fdd2
noarch	glassfish-jaxb-core-2.2.11-11.module_el8.5.0+2577+9e95fe00.noarch.rpm	f3a8585e28b69dd773b7d7ab4f83781e36e963bb23aeb03ffcbdb34b1e1cd9bb
noarch	jackson-module-jaxb-annotations-2.7.6-4.module_el8.5.0+2577+9e95fe00.noarch.rpm	fb515d40cac152aad1609b30a1c9d0055f7c1bb842273f558573965a13fed76d

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.