Debian Local Security Checks : Debian: Security Advisory (DLA-2091-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.892091
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-2091-1)
Summary:	The remote host is missing an update for the Debian 'libjackson-json-java' package(s) announced via the DLA-2091-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'libjackson-json-java' package(s) announced via the DLA-2091-1 advisory. Vulnerability Insight: Several vulnerabilities were fixed in libjackson-json-java. CVE-2017-7525 Jackson Deserializer security vulnerability. CVE-2017-15095 Block more JDK types from polymorphic deserialization. CVE-2019-10172 XML external entity vulnerabilities. For Debian 8 Jessie, these problems have been fixed in version 1.9.2-3+deb8u1. We recommend that you upgrade your libjackson-json-java packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'libjackson-json-java' package(s) on Debian 8. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-15095 BugTraq ID: 103880 http://www.securityfocus.com/bid/103880 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://github.com/FasterXML/jackson-databind/issues/1680 https://github.com/FasterXML/jackson-databind/issues/1737 https://security.netapp.com/advisory/ntap-20171214-0003/ https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Debian Security Information: DSA-4037 (Google Search) https://www.debian.org/security/2017/dsa-4037 https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E RedHat Security Advisories: RHSA-2017:3189 https://access.redhat.com/errata/RHSA-2017:3189 RedHat Security Advisories: RHSA-2017:3190 https://access.redhat.com/errata/RHSA-2017:3190 RedHat Security Advisories: RHSA-2018:0342 https://access.redhat.com/errata/RHSA-2018:0342 RedHat Security Advisories: RHSA-2018:0478 https://access.redhat.com/errata/RHSA-2018:0478 RedHat Security Advisories: RHSA-2018:0479 https://access.redhat.com/errata/RHSA-2018:0479 RedHat Security Advisories: RHSA-2018:0480 https://access.redhat.com/errata/RHSA-2018:0480 RedHat Security Advisories: RHSA-2018:0481 https://access.redhat.com/errata/RHSA-2018:0481 RedHat Security Advisories: RHSA-2018:0576 https://access.redhat.com/errata/RHSA-2018:0576 RedHat Security Advisories: RHSA-2018:0577 https://access.redhat.com/errata/RHSA-2018:0577 RedHat Security Advisories: RHSA-2018:1447 https://access.redhat.com/errata/RHSA-2018:1447 RedHat Security Advisories: RHSA-2018:1448 https://access.redhat.com/errata/RHSA-2018:1448 RedHat Security Advisories: RHSA-2018:1449 https://access.redhat.com/errata/RHSA-2018:1449 RedHat Security Advisories: RHSA-2018:1450 https://access.redhat.com/errata/RHSA-2018:1450 RedHat Security Advisories: RHSA-2018:1451 https://access.redhat.com/errata/RHSA-2018:1451 RedHat Security Advisories: RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927 RedHat Security Advisories: RHSA-2019:2858 https://access.redhat.com/errata/RHSA-2019:2858 RedHat Security Advisories: RHSA-2019:3149 https://access.redhat.com/errata/RHSA-2019:3149 RedHat Security Advisories: RHSA-2019:3892 https://access.redhat.com/errata/RHSA-2019:3892 http://www.securitytracker.com/id/1039769 Common Vulnerability Exposure (CVE) ID: CVE-2017-7525 BugTraq ID: 99623 http://www.securityfocus.com/bid/99623 https://bugzilla.redhat.com/show_bug.cgi?id=1462702 https://cwiki.apache.org/confluence/display/WW/S2-055 https://github.com/FasterXML/jackson-databind/issues/1599 https://github.com/FasterXML/jackson-databind/issues/1723 https://security.netapp.com/advisory/ntap-20171214-0002/ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us Debian Security Information: DSA-4004 (Google Search) https://www.debian.org/security/2017/dsa-4004 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E RedHat Security Advisories: RHSA-2017:1834 https://access.redhat.com/errata/RHSA-2017:1834 RedHat Security Advisories: RHSA-2017:1835 https://access.redhat.com/errata/RHSA-2017:1835 RedHat Security Advisories: RHSA-2017:1836 https://access.redhat.com/errata/RHSA-2017:1836 RedHat Security Advisories: RHSA-2017:1837 https://access.redhat.com/errata/RHSA-2017:1837 RedHat Security Advisories: RHSA-2017:1839 https://access.redhat.com/errata/RHSA-2017:1839 RedHat Security Advisories: RHSA-2017:1840 https://access.redhat.com/errata/RHSA-2017:1840 RedHat Security Advisories: RHSA-2017:2477 https://access.redhat.com/errata/RHSA-2017:2477 RedHat Security Advisories: RHSA-2017:2546 https://access.redhat.com/errata/RHSA-2017:2546 RedHat Security Advisories: RHSA-2017:2547 https://access.redhat.com/errata/RHSA-2017:2547 RedHat Security Advisories: RHSA-2017:2633 https://access.redhat.com/errata/RHSA-2017:2633 RedHat Security Advisories: RHSA-2017:2635 https://access.redhat.com/errata/RHSA-2017:2635 RedHat Security Advisories: RHSA-2017:2636 https://access.redhat.com/errata/RHSA-2017:2636 RedHat Security Advisories: RHSA-2017:2637 https://access.redhat.com/errata/RHSA-2017:2637 RedHat Security Advisories: RHSA-2017:2638 https://access.redhat.com/errata/RHSA-2017:2638 RedHat Security Advisories: RHSA-2017:3141 https://access.redhat.com/errata/RHSA-2017:3141 RedHat Security Advisories: RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3454 RedHat Security Advisories: RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3455 RedHat Security Advisories: RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3456 RedHat Security Advisories: RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2017:3458 RedHat Security Advisories: RHSA-2018:0294 https://access.redhat.com/errata/RHSA-2018:0294 RedHat Security Advisories: RHSA-2019:0910 https://access.redhat.com/errata/RHSA-2019:0910 http://www.securitytracker.com/id/1039744 http://www.securitytracker.com/id/1039947 http://www.securitytracker.com/id/1040360 Common Vulnerability Exposure (CVE) ID: CVE-2019-10172 [cassandra-commits] 20200407 [jira] [Created] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ? https://lists.apache.org/thread.html/r25e25973e9577c62fd0221b4b52990851adf11cbe33036bd67d4b13d%40%3Ccommits.cassandra.apache.org%3E [cassandra-commits] 20200413 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ? https://lists.apache.org/thread.html/ra37700b842790883b9082e6b281fb7596f571b13078a4856cd38f2c2%40%3Ccommits.cassandra.apache.org%3E [cassandra-commits] 20200420 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ? https://lists.apache.org/thread.html/r37eb6579fa0bf94a72b6c978e2fee96f68a2b1b3ac1b1ce60aee86cf%40%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/rb47911c179c9f3e8ea3f134b5645e63cd20c6fc63bd0b43ab5864bd1%40%3Ccommits.cassandra.apache.org%3E [cassandra-commits] 20200420 [jira] [Updated] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ? https://lists.apache.org/thread.html/r0066c1e862613de402fee04e81cbe00bcd64b64a2711beb9a13c3b25%40%3Ccommits.cassandra.apache.org%3E [cassandra-commits] 20200818 [jira] [Created] (CASSANDRA-16056) Remove jackson-mapper-asl-1.9.13 to mitigate CVE-2019-10172 https://lists.apache.org/thread.html/re646dcc2739d92117bf9a76a33c600ed3b65e8b4e9b6f441e366b72b%40%3Ccommits.cassandra.apache.org%3E [cassandra-commits] 20200818 [jira] [Updated] (CASSANDRA-16056) Remove jackson-mapper-asl-1.9.13 to mitigate CVE-2019-10172 https://lists.apache.org/thread.html/re07c51a8026c11e6e5513bfdc66d52d1c1027053e480fb8073356257%40%3Ccommits.cassandra.apache.org%3E [cassandra-commits] 20200819 [jira] [Updated] (CASSANDRA-16056) Remove jackson-mapper-asl-1.9.13 to mitigate CVE-2019-10172 https://lists.apache.org/thread.html/r4bbfa1439d7a4e1712e260bfc3d90f7cf997abfd641cccde6432d4ab%40%3Ccommits.cassandra.apache.org%3E [cassandra-commits] 20200901 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ? https://lists.apache.org/thread.html/r386966780034aadee69ffd82d44555117c9339545b9ce990fe490a3e%40%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/r80e8882c86c9c17a57396a5ef7c4f08878d629a0291243411be0de3a%40%3Ccommits.cassandra.apache.org%3E [cassandra-commits] 20210926 [jira] [Commented] (CASSANDRA-16056) Remove jackson-mapper-asl-1.9.13 to mitigate CVE-2019-10172 https://lists.apache.org/thread.html/r385c35a7c6f4acaacf37fe22922bb8e2aed9d322d0fa6dc1d45acddb%40%3Ccommits.cassandra.apache.org%3E [cassandra-commits] 20210927 [jira] [Assigned] (CASSANDRA-16056) Remove jackson-mapper-asl-1.9.13 to mitigate CVE-2019-10172 https://lists.apache.org/thread.html/r634468eb3218ab02713128ff6f4818c618622b2b3de4d958138dde49%40%3Ccommits.cassandra.apache.org%3E [cassandra-commits] 20210927 [jira] [Updated] (CASSANDRA-16056) Remove jackson-mapper-asl-1.9.13 to mitigate CVE-2019-10172 https://lists.apache.org/thread.html/r21ac3570ce865b8f1e5d26e492aeb714a6aaa53a0c9a6f72ef181556%40%3Ccommits.cassandra.apache.org%3E [debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update [debian-lts-announce] 20200824 [SECURITY] [DLA 2342-1] libjackson-json-java security update [hadoop-common-dev] 20200824 [jira] [Created] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172 https://lists.apache.org/thread.html/rd3a34d663e2a25b9ab1e8a1a94712cd5f100f098578aec79af48161e%40%3Ccommon-dev.hadoop.apache.org%3E [hadoop-common-issues] 20200824 [jira] [Created] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172 https://lists.apache.org/thread.html/r33d25a342af84102903cd9dec8338a5bcba3ecfce10505bdfe793b92%40%3Ccommon-issues.hadoop.apache.org%3E [hadoop-common-issues] 20200825 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172 https://lists.apache.org/thread.html/rb8c09b14fd57d855dc21e0a037dc29258c2cbe9c1966bfff453a02e4%40%3Ccommon-issues.hadoop.apache.org%3E [hadoop-common-issues] 20200825 [jira] [Updated] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172 https://lists.apache.org/thread.html/r48a32f2dd6976d33f7a12b7e09ec7ea1895f8facba82b565587c28ac%40%3Ccommon-issues.hadoop.apache.org%3E [hadoop-common-issues] 20210320 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172 https://lists.apache.org/thread.html/r04ecadefb27cda84b699130b11b96427f1d8a7a4066d8292f7f15ed8%40%3Ccommon-issues.hadoop.apache.org%3E [hadoop-common-issues] 20210906 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172 https://lists.apache.org/thread.html/r1f07e61b3ebabd3e5b4aa97bf1b26d98b793fdfa29a23dac60633f55%40%3Ccommon-issues.hadoop.apache.org%3E [hadoop-common-issues] 20210907 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172 https://lists.apache.org/thread.html/r08e1b73fabd986dcd2ddd7d09480504d1472264bed2f19b1d2002a9c%40%3Ccommon-issues.hadoop.apache.org%3E [hadoop-common-issues] 20210920 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172 https://lists.apache.org/thread.html/r4176155240cdc36aad7869932d9c29551742c7fa630f209fb4a8e649%40%3Ccommon-issues.hadoop.apache.org%3E [hadoop-common-issues] 20210921 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172 https://lists.apache.org/thread.html/r0d8c3e32a0a2d8a0b6118f5b3487d363afdda80c996d7b930097383d%40%3Ccommon-issues.hadoop.apache.org%3E [hadoop-common-issues] 20210924 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172 https://lists.apache.org/thread.html/rb036bf32e4dacc49335e3bdc1be8e53d6f54df692ac8e2251a6884bd%40%3Ccommon-issues.hadoop.apache.org%3E [hadoop-common-issues] 20210924 [jira] [Updated] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172 https://lists.apache.org/thread.html/r1cc8bce2cf3dfce08a64c4fa20bf38d33b56ad995cee2e382f522f83%40%3Ccommon-issues.hadoop.apache.org%3E [hadoop-common-issues] 20210927 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172 https://lists.apache.org/thread.html/rd27730cfc3066dfcf15927c8e800603728d5dedf17eee1f8c6e3507c%40%3Ccommon-issues.hadoop.apache.org%3E [hadoop-user] 20210317 jackson-mapper-asl vulnerability at Hadoop https://lists.apache.org/thread.html/r43c6f75d203b8afc4fbd6c3200db0384a18a11c59d085b1a9bb0ccfe%40%3Cuser.hadoop.apache.org%3E [hive-dev] 20210318 CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar https://lists.apache.org/thread.html/r5f16a1bd31a7e94ca78eda686179930781aa3a4a990cd55986703581%40%3Cdev.hive.apache.org%3E [hive-dev] 20210318 [jira] [Created] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar https://lists.apache.org/thread.html/rce00a1c60f7df4b10e72fa87827c102f55b074bb91993631df2c21f9%40%3Cdev.hive.apache.org%3E [hive-issues] 20210318 [jira] [Assigned] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar https://lists.apache.org/thread.html/r6dea2a887f5eb1d68f124d64b14cd1a04f682f06de8cd01b7e4214e0%40%3Cissues.hive.apache.org%3E [hive-issues] 20210318 [jira] [Comment Edited] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar https://lists.apache.org/thread.html/r0fbf2c60967bc9f73d7f5a62ad3b955789f9a14b950f42e99fca9b4e%40%3Cissues.hive.apache.org%3E [hive-issues] 20210318 [jira] [Commented] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar https://lists.apache.org/thread.html/r500867b74f42230a3d65b8aec31fc93ac390eeae737c91a759ab94cb%40%3Cissues.hive.apache.org%3E [hive-issues] 20210318 [jira] [Updated] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar https://lists.apache.org/thread.html/r1edabcfacdad42d3c830464e9cf07a9a489059a7b7a8642cf055542d%40%3Cissues.hive.apache.org%3E [hive-issues] 20210729 [jira] [Resolved] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar https://lists.apache.org/thread.html/r356592d9874ab4bc9da4754592f8aa6edc894c95e17e58484bc2af7a%40%3Cissues.hive.apache.org%3E [spark-issues] 20210223 [jira] [Created] (SPARK-34511) Current Security vulnerabilities in spark libraries https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10172
Copyright	Copyright (C) 2020 Greenbone AG