
Test ID: 1.3.6.1.4.1.25623.1.1.10.2018.0138
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2018-0138)
Summary: The remote host is missing an update for the 'jackson-databind' package(s) announced via the MGASA-2018-0138 advisory.
Description:
Summary:
The remote host is missing an update for the 'jackson-databind' package(s) announced via the MGASA-2018-0138 advisory.

Vulnerability Insight:
A deserialization flaw was discovered in jackson-databind which could
allow an unauthenticated user to perform code execution by sending
maliciously crafted input to the readValue method of ObjectMapper
(CVE-2017-17485).

A flaw was found in FasterXML jackson-databind which allows unauthenticated
remote code execution due to deserialization flaws. This is exploitable via
two different gadgets that bypass a blacklist (CVE-2018-5968).

Affected Software/OS:
'jackson-databind' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2017-17485
Bugtraq: 20180109 CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used
http://www.securityfocus.com/archive/1/541652/100/0/threaded
https://github.com/FasterXML/jackson-databind/issues/1855
https://security.netapp.com/advisory/ntap-20180201-0003/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
Debian Security Information: DSA-4114
https://www.debian.org/security/2018/dsa-4114
https://github.com/irsl/jackson-rce-via-spel/
https://www.oracle.com/security-alerts/cpuoct2020.html
RedHat Security Advisories: RHSA-2018:0116
https://access.redhat.com/errata/RHSA-2018:0116
RedHat Security Advisories: RHSA-2018:0342
https://access.redhat.com/errata/RHSA-2018:0342
RedHat Security Advisories: RHSA-2018:0478
https://access.redhat.com/errata/RHSA-2018:0478
RedHat Security Advisories: RHSA-2018:0479
https://access.redhat.com/errata/RHSA-2018:0479
RedHat Security Advisories: RHSA-2018:0480
https://access.redhat.com/errata/RHSA-2018:0480
RedHat Security Advisories: RHSA-2018:0481
https://access.redhat.com/errata/RHSA-2018:0481
RedHat Security Advisories: RHSA-2018:1447
https://access.redhat.com/errata/RHSA-2018:1447
RedHat Security Advisories: RHSA-2018:1448
https://access.redhat.com/errata/RHSA-2018:1448
RedHat Security Advisories: RHSA-2018:1449
https://access.redhat.com/errata/RHSA-2018:1449
RedHat Security Advisories: RHSA-2018:1450
https://access.redhat.com/errata/RHSA-2018:1450
RedHat Security Advisories: RHSA-2018:1451
https://access.redhat.com/errata/RHSA-2018:1451
RedHat Security Advisories: RHSA-2018:2930
https://access.redhat.com/errata/RHSA-2018:2930
RedHat Security Advisories: RHSA-2019:1782
https://access.redhat.com/errata/RHSA-2019:1782
RedHat Security Advisories: RHSA-2019:1797
https://access.redhat.com/errata/RHSA-2019:1797
RedHat Security Advisories: RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:2858
RedHat Security Advisories: RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:3149
RedHat Security Advisories: RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2019:3892
Common Vulnerability Exposure (CVE) ID: CVE-2018-5968
https://security.netapp.com/advisory/ntap-20180423-0002/
https://github.com/FasterXML/jackson-databind/issues/1899
RedHat Security Advisories: RHSA-2018:1525
https://access.redhat.com/errata/RHSA-2018:1525
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.