Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2019-99FF6AA32C.NASLHistoryOct 07, 2019 - 12:00 a.m.
Fedora 31 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-99ff6aa32c)
2019-10-0700:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
45
8.3 High
AI Score
Confidence
Low
-
Update jackson-databind to version 2.9.9.3.
-
Update jackson-core to version 2.9.9.
-
Update jackson-annotations to version 2.9.9.
-
Update jackson-bom to version 2.9.9.
-
Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2019-99ff6aa32c.
#
include('compat.inc');
if (description)
{
script_id(129634);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/19");
script_cve_id(
"CVE-2019-12086",
"CVE-2019-12384",
"CVE-2019-12814",
"CVE-2019-14379",
"CVE-2019-14439"
);
script_xref(name:"FEDORA", value:"2019-99ff6aa32c");
script_name(english:"Fedora 31 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-99ff6aa32c)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"- Update jackson-databind to version 2.9.9.3.
- Update jackson-core to version 2.9.9.
- Update jackson-annotations to version 2.9.9.
- Update jackson-bom to version 2.9.9.
Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,
CVE-2019-14379, and CVE-14439.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-99ff6aa32c");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14379");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/17");
script_set_attribute(attribute:"patch_publication_date", value:"2019/09/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-annotations");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-bom");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jackson-databind");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC31", reference:"jackson-annotations-2.9.9-1.fc31")) flag++;
if (rpm_check(release:"FC31", reference:"jackson-bom-2.9.9-1.fc31")) flag++;
if (rpm_check(release:"FC31", reference:"jackson-core-2.9.9-1.fc31")) flag++;
if (rpm_check(release:"FC31", reference:"jackson-databind-2.9.9.3-1.fc31")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jackson-annotations / jackson-bom / jackson-core / jackson-databind");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | jackson-annotations | p-cpe:/a:fedoraproject:fedora:jackson-annotations |
| fedoraproject | fedora | jackson-bom | p-cpe:/a:fedoraproject:fedora:jackson-bom |
| fedoraproject | fedora | jackson-core | p-cpe:/a:fedoraproject:fedora:jackson-core |
| fedoraproject | fedora | jackson-databind | p-cpe:/a:fedoraproject:fedora:jackson-databind |
| fedoraproject | fedora | 31 | cpe:/o:fedoraproject:fedora:31 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439
bodhi.fedoraproject.org/updates/FEDORA-2019-99ff6aa32c
Related
fedora
fedora
[SECURITY] Fedora 31 Update: jackson-bom-2.9.9-1.fc31
2019-09-18 00:07:22
[SECURITY] Fedora 30 Update: jackson-databind-2.9.9.3-1.fc30
2019-09-22 02:26:43
[SECURITY] Fedora 31 Update: jackson-core-2.9.9-1.fc31
2019-09-18 00:07:22
ibm
ibm
openvas
openvas
Fedora Update for jackson-annotations FEDORA-2019-ae6a703b8f
2019-09-23 00:00:00
Fedora Update for jackson-bom FEDORA-2019-fb23eccc03
2019-09-23 00:00:00
Fedora Update for jackson-core FEDORA-2019-fb23eccc03
2019-09-23 00:00:00
nessus
nessus
Fedora 29 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-fb23eccc03)
2019-09-23 00:00:00
Fedora 30 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-ae6a703b8f)
2019-09-23 00:00:00
Debian DLA-1879-1 : jackson-databind security update
2019-08-13 00:00:00
redhat
redhat
debian
debian
[SECURITY] [DLA 1831-1] jackson-databind security update
2019-06-21 15:09:36
[SECURITY] [DLA 1879-1] jackson-databind security update
2019-08-12 22:19:38
[SECURITY] [DLA 1798-1] jackson-databind security update
2019-05-21 12:59:15
osv
osv
jackson-databind - security update
2019-08-12 00:00:00
jackson-databind - security update
2019-06-21 00:00:00
CVE-2019-12814
2019-06-19 14:15:10
rocky
rocky
pki-core:10.6 and pki-deps:10:6 bug fix and enhancement update
2019-11-05 17:43:24
pki-deps:10.6 security update
2019-09-10 15:32:49
symantec
symantec
github
github
Deserialization of untrusted data in FasterXML jackson-databind
2019-07-17 15:26:12
Information exposure in FasterXML jackson-databind
2019-05-23 09:32:24
Deserialization of untrusted data in FasterXML jackson-databind
2019-08-01 19:18:06
cve
cve
veracode
veracode
Deserialization Of Untrusted Data
2019-07-31 06:49:30
Remote Code Execution (RCE) Through Deserialization
2019-05-21 02:21:56
Remote Code Execution (RCE)
2019-07-30 05:10:45
prion
prion
Remote code execution
2019-07-29 12:15:00
Path traversal
2019-07-30 11:15:00
Code injection
2019-06-19 14:15:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
2020-05-22 17:10:10
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
2019-05-26 03:19:49
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
2019-07-24 07:12:14
freebsd
freebsd
Payara -- A Polymorphic Typing issue in FasterXML jackson-databind
2019-05-17 00:00:00
debiancve
debiancve
redhatcve
redhatcve
ubuntucve
ubuntucve
oraclelinux
oraclelinux
pki-deps:10.6 security update
2019-09-17 00:00:00
almalinux
almalinux
Important: pki-deps:10.6 security update
2019-09-10 15:32:49
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2021-03-27 17:27:02
ubuntu
ubuntu
Jackson Databind vulnerabilities
2021-03-15 00:00:00
cloudfoundry
cloudfoundry
apple
apple
About the security content of Xcode 13.3
2022-03-14 00:00:00