jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
Errata ID: AXSA:2025-10737:01
Release date:
2025/08/13 Wednesday - 18:40
Title:
jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
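The following issues have been addressed.
[Security Fix]
- jackson-core has an issue in which a stack-based buffer overflow occurs, resulting in a vulnerability that allows a remote attacker to carry out a denial-of-service attack. (CVE-2025-52999)
Solution:
Update the packages.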
CVE:
CVE-2025-52999
jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackOverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.
Additional information:
N/A
Downloads:
SRPMS
- jackson-annotations-2.19.1-1.el9_6.src.rpm
Size: 88.17 kB
- jackson-core-2.19.1-1.el9_6.src.rpm
Size: 1.18 MB
- jackson-databind-2.19.1-1.el9_6.src.rpm
Size: 1.65 MB
- jackson-jaxrs-providers-2.19.1-1.el9_6.src.rpm
Size: 1.87 MB
- jackson-modules-base-2.19.1-1.el9_6.src.rpm
Size: 2.25 MB
Asianux Server 9 for x86_64
- pki-jackson-annotations-2.19.1-1.el9_6.noarch.rpm
Size: 79.49 kB
- pki-jackson-core-2.19.1-1.el9_6.noarch.rpm
Size: 452.57 kB
- pki-jackson-databind-2.19.1-1.el9_6.noarch.rpm
Size: 1.58 MB
- pki-jackson-jaxrs-json-provider-2.19.1-1.el9_6.noarch.rpm
Size: 21.14 kB
- pki-jackson-jaxrs-providers-2.19.1-1.el9_6.noarch.rpm
Size: 46.94 kB
- pki-jackson-module-jaxb-annotations-2.19.1-1.el9_6.noarch.rpm
Size: 46.43 kB