Boletines de Vulnerabilidades

DSA-4114 jackson-databind - security update

Información sobre el sistema
   
Software afectado Debian

Descripción
It was discovered that jackson-databind, a Java library used to parseJSON and other data formats, did not properly validate user inputbefore attempting deserialization. This allowed an attacker to performcode execution by providing maliciously crafted input.

More info:

https://www.debian.org/security/2018/dsa-4114

Identificadores estándar
Propiedad Valor
CVE CVE-2017-17485 ,CVE-2018-5968 and DSA-4114.

Histórico de versiones
Versión Comentario Data
1.0 Advisory issued 2018-02-16
Ministerio de Defensa
CNI
CCN
CCN-CERT