Test ID:	1.3.6.1.4.1.25623.1.0.704004
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-4004-1)
Summary:	The remote host is missing an update for the Debian 'jackson-databind' package(s) announced via the DSA-4004-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'jackson-databind' package(s) announced via the DSA-4004-1 advisory. Vulnerability Insight: Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input. For the oldstable distribution (jessie), this problem has been fixed in version 2.4.2-2+deb8u1. For the stable distribution (stretch), this problem has been fixed in version 2.8.6-1+deb9u1. We recommend that you upgrade your jackson-databind packages. Affected Software/OS: 'jackson-databind' package(s) on Debian 8, Debian 9. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7525 BugTraq ID: 99623 http://www.securityfocus.com/bid/99623 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://bugzilla.redhat.com/show_bug.cgi?id=1462702 https://cwiki.apache.org/confluence/display/WW/S2-055 https://github.com/FasterXML/jackson-databind/issues/1599 https://github.com/FasterXML/jackson-databind/issues/1723 https://security.netapp.com/advisory/ntap-20171214-0002/ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Debian Security Information: DSA-4004 (Google Search) https://www.debian.org/security/2017/dsa-4004 https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E RedHat Security Advisories: RHSA-2017:1834 https://access.redhat.com/errata/RHSA-2017:1834 RedHat Security Advisories: RHSA-2017:1835 https://access.redhat.com/errata/RHSA-2017:1835 RedHat Security Advisories: RHSA-2017:1836 https://access.redhat.com/errata/RHSA-2017:1836 RedHat Security Advisories: RHSA-2017:1837 https://access.redhat.com/errata/RHSA-2017:1837 RedHat Security Advisories: RHSA-2017:1839 https://access.redhat.com/errata/RHSA-2017:1839 RedHat Security Advisories: RHSA-2017:1840 https://access.redhat.com/errata/RHSA-2017:1840 RedHat Security Advisories: RHSA-2017:2477 https://access.redhat.com/errata/RHSA-2017:2477 RedHat Security Advisories: RHSA-2017:2546 https://access.redhat.com/errata/RHSA-2017:2546 RedHat Security Advisories: RHSA-2017:2547 https://access.redhat.com/errata/RHSA-2017:2547 RedHat Security Advisories: RHSA-2017:2633 https://access.redhat.com/errata/RHSA-2017:2633 RedHat Security Advisories: RHSA-2017:2635 https://access.redhat.com/errata/RHSA-2017:2635 RedHat Security Advisories: RHSA-2017:2636 https://access.redhat.com/errata/RHSA-2017:2636 RedHat Security Advisories: RHSA-2017:2637 https://access.redhat.com/errata/RHSA-2017:2637 RedHat Security Advisories: RHSA-2017:2638 https://access.redhat.com/errata/RHSA-2017:2638 RedHat Security Advisories: RHSA-2017:3141 https://access.redhat.com/errata/RHSA-2017:3141 RedHat Security Advisories: RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3454 RedHat Security Advisories: RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3455 RedHat Security Advisories: RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3456 RedHat Security Advisories: RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2017:3458 RedHat Security Advisories: RHSA-2018:0294 https://access.redhat.com/errata/RHSA-2018:0294 RedHat Security Advisories: RHSA-2018:0342 https://access.redhat.com/errata/RHSA-2018:0342 RedHat Security Advisories: RHSA-2018:1449 https://access.redhat.com/errata/RHSA-2018:1449 RedHat Security Advisories: RHSA-2018:1450 https://access.redhat.com/errata/RHSA-2018:1450 RedHat Security Advisories: RHSA-2019:0910 https://access.redhat.com/errata/RHSA-2019:0910 RedHat Security Advisories: RHSA-2019:2858 https://access.redhat.com/errata/RHSA-2019:2858 RedHat Security Advisories: RHSA-2019:3149 https://access.redhat.com/errata/RHSA-2019:3149 http://www.securitytracker.com/id/1039744 http://www.securitytracker.com/id/1039947 http://www.securitytracker.com/id/1040360
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.