The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of jackson-datatype-jsr310: denial of service via Input Validation

Synthesis of the vulnerability

An attacker can trigger a fatal error via Input Validation of jackson-datatype-jsr310, in order to trigger a denial of service.
Severity of this computer vulnerability: 2/4.
Creation date: 19/02/2019.
Références of this announce: cpuoct2019, CVE-2018-1000873, FEDORA-2019-df57551f6d, VIGILANCE-VUL-28552.

Description of the vulnerability

An attacker can trigger a fatal error via Input Validation of jackson-datatype-jsr310, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This cybersecurity weakness impacts software or systems such as Fedora, Oracle DB, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Computing, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/INSIGHT, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio.

Our Vigil@nce team determined that the severity of this security vulnerability is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this vulnerability bulletin.

Solutions for this threat

Fedora 29: new bouncycastle packages.
New packages are available:
  Fedora 29: bouncycastle 1.61-1.fc29

Fedora 29: new eclipse-jgit packages.
New packages are available:
  Fedora 29: eclipse-jgit 5.2.0-4.fc29

Fedora 29: new eclipse-linuxtools packages.
New packages are available:
  Fedora 29: eclipse-linuxtools 7.1.0-3.fc29

Fedora 29: new jackson-annotations packages.
New packages are available:
  Fedora 29: jackson-annotations 2.9.8-1.fc29

Fedora 29: new jackson-bom packages.
New packages are available:
  Fedora 29: jackson-bom 2.9.8-1.fc29

Fedora 29: new jackson-core packages.
New packages are available:
  Fedora 29: jackson-core 2.9.8-1.fc29

Fedora 29: new jackson-databind packages.
New packages are available:
  Fedora 29: jackson-databind 2.9.8-1.fc29

Fedora 29: new jackson-dataformats-binary packages.
New packages are available:
  Fedora 29: jackson-dataformats-binary 2.9.8-1.fc29

Fedora 29: new jackson-dataformats-text packages.
New packages are available:
  Fedora 29: jackson-dataformats-text 2.9.8-1.fc29

Fedora 29: new jackson-dataformat-xml packages.
New packages are available:
  Fedora 29: jackson-dataformat-xml 2.9.8-1.fc29

Fedora 29: new jackson-datatype-jdk8 packages.
New packages are available:
  Fedora 29: jackson-datatype-jdk8 2.9.8-1.fc29

Fedora 29: new jackson-datatype-joda packages.
New packages are available:
  Fedora 29: jackson-datatype-joda 2.9.8-1.fc29

Fedora 29: new jackson-datatypes-collections packages.
New packages are available:
  Fedora 29: jackson-datatypes-collections 2.9.8-1.fc29

Fedora 29: new jackson-jaxrs-providers packages.
New packages are available:
  Fedora 29: jackson-jaxrs-providers 2.9.8-1.fc29

Fedora 29: new jackson-module-jsonSchema packages.
New packages are available:
  Fedora 29: jackson-module-jsonSchema 2.9.8-1.fc29

Fedora 29: new jackson-modules-base packages.
New packages are available:
  Fedora 29: jackson-modules-base 2.9.8-1.fc29

Fedora 29: new jackson-parent packages.
New packages are available:
  Fedora 29: jackson-parent 2.9.1.2-1.fc29

Oracle Database: CPU of October 2019.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2568292.1

SAS: version 9.4M6 TS1M6 11-19-2019.
The version 9.4M6 TS1M6 11-19-2019 is fixed:
  http://ftp.sas.com/techsup/download/hotfix/HF2/SAS_Security_Updates.html
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerabilities database. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.