ALSA-2024:3061

Source
https://errata.almalinux.org/8/ALSA-2024-3061.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2024:3061
Published
2024-05-22T00:00:00Z
Modified
2024-05-29T14:51:14Z
Summary
Moderate: pki-core:10.6 and pki-deps:10.6 security update
Details

The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System.

Security Fix(es):

  • jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:8 / apache-commons-collections

Package

Name
apache-commons-collections

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.2.2-10.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / apache-commons-lang

Package

Name
apache-commons-lang

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.6-21.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / apache-commons-net

Package

Name
apache-commons-net

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6-3.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / bea-stax-api

Package

Name
bea-stax-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.0-16.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / fasterxml-oss-parent

Package

Name
fasterxml-oss-parent

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
49-1.module_el8.10.0+3791+e0637953

AlmaLinux:8 / glassfish-fastinfoset

Package

Name
glassfish-fastinfoset

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.13-9.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / glassfish-jaxb-api

Package

Name
glassfish-jaxb-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.12-8.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / glassfish-jaxb-core

Package

Name
glassfish-jaxb-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.11-12.module_el8.10.0+3791+e0637953

AlmaLinux:8 / glassfish-jaxb-runtime

Package

Name
glassfish-jaxb-runtime

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.11-12.module_el8.10.0+3791+e0637953

AlmaLinux:8 / glassfish-jaxb-txw2

Package

Name
glassfish-jaxb-txw2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.11-12.module_el8.10.0+3791+e0637953

AlmaLinux:8 / jackson-annotations

Package

Name
jackson-annotations

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.14.2-1.module_el8.10.0+3791+e0637953

AlmaLinux:8 / jackson-bom

Package

Name
jackson-bom

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.14.2-1.module_el8.10.0+3791+e0637953

AlmaLinux:8 / jackson-core

Package

Name
jackson-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.14.2-1.module_el8.10.0+3791+e0637953

AlmaLinux:8 / jackson-databind

Package

Name
jackson-databind

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.14.2-1.module_el8.10.0+3791+e0637953

AlmaLinux:8 / jackson-jaxrs-json-provider

Package

Name
jackson-jaxrs-json-provider

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.14.2-1.module_el8.10.0+3791+e0637953

AlmaLinux:8 / jackson-jaxrs-providers

Package

Name
jackson-jaxrs-providers

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.14.2-1.module_el8.10.0+3791+e0637953

AlmaLinux:8 / jackson-module-jaxb-annotations

Package

Name
jackson-module-jaxb-annotations

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.14.2-2.module_el8.10.0+3791+e0637953

AlmaLinux:8 / jackson-modules-base

Package

Name
jackson-modules-base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.14.2-2.module_el8.10.0+3791+e0637953

AlmaLinux:8 / jackson-parent

Package

Name
jackson-parent

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.14-1.module_el8.10.0+3791+e0637953

AlmaLinux:8 / jakarta-commons-httpclient

Package

Name
jakarta-commons-httpclient

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:3.1-28.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / javassist

Package

Name
javassist

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.18.1-8.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / javassist-javadoc

Package

Name
javassist-javadoc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.18.1-8.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / pki-servlet-engine

Package

Name
pki-servlet-engine

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:9.0.62-1.module_el8.10.0+3791+e0637953

AlmaLinux:8 / relaxngDatatype

Package

Name
relaxngDatatype

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2011.1-7.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / slf4j

Package

Name
slf4j

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.25-4.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / slf4j-jdk14

Package

Name
slf4j-jdk14

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.25-4.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / stax-ex

Package

Name
stax-ex

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.7-8.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / velocity

Package

Name
velocity

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7-24.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xalan-j2

Package

Name
xalan-j2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.1-38.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xerces-j2

Package

Name
xerces-j2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.11.0-34.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xml-commons-apis

Package

Name
xml-commons-apis

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.01-25.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xml-commons-resolver

Package

Name
xml-commons-resolver

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2-26.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xmlstreambuffer

Package

Name
xmlstreambuffer

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.5.4-8.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xsom

Package

Name
xsom

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0-19.20110809svn.module_el8.5.0+2577+9e95fe00