Description:
The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System.
Security Fix(es):
* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
* jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* (CVE-2019-16942)
* jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource (CVE-2019-16943)
* jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* (CVE-2019-17531)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages:
-
xmlstreambuffer-1.5.4-8.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
jakarta-commons-httpclient-3.1-28.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
glassfish-jaxb-txw2-2.2.11-11.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
slf4j-1.7.25-4.module_el8.6.0+2752+f1f3449e.noarch.rpm
-
jackson-jaxrs-json-provider-2.9.9-1.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
relaxngDatatype-2011.1-7.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
apache-commons-collections-3.2.2-10.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
javassist-3.18.1-8.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
jackson-annotations-2.10.0-1.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
xml-commons-resolver-1.2-26.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
xerces-j2-2.11.0-34.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
velocity-1.7-24.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
xalan-j2-2.7.1-38.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
slf4j-jdk14-1.7.25-4.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
jackson-databind-2.10.0-1.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
python-nss-doc-1.0.1-10.module_el8.5.0+2577+9e95fe00.alma.aarch64.rpm
-
jackson-jaxrs-providers-2.9.9-1.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
bea-stax-api-1.2.0-16.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
xml-commons-apis-1.4.01-25.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
glassfish-jaxb-runtime-2.2.11-11.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
jackson-core-2.10.0-1.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
python3-nss-1.0.1-10.module_el8.5.0+2577+9e95fe00.alma.aarch64.rpm
-
glassfish-fastinfoset-1.2.13-9.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
glassfish-jaxb-api-2.2.12-8.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
slf4j-1.7.25-4.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
apache-commons-lang-2.6-21.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
javassist-javadoc-3.18.1-8.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
xsom-0-19.20110809svn.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
stax-ex-1.7.7-8.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
glassfish-jaxb-core-2.2.11-11.module_el8.5.0+2577+9e95fe00.noarch.rpm
-
jackson-module-jaxb-annotations-2.7.6-4.module_el8.5.0+2577+9e95fe00.noarch.rpm