RHSA-2019:0910: Important: Red Hat Fuse 7.3 security update
This release of Red Hat Fuse 7.3 serves as a replacement for Red Hat Fuse 7.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.Security Fix(es): jackson-databind: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525) struts2: ClassLoader manipulation via request parameters (CVE-2014-0112) jetty: HTTP request smuggling (CVE-2017-7657) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2019:0910?
The severity of RHSA-2019:0910 is classified as important due to the discovered deserialization flaw in jackson-databind.
How do I fix RHSA-2019:0910?
To fix RHSA-2019:0910, update to the latest version of Red Hat Fuse that includes the patched jackson-databind library.
What versions of Red Hat Fuse are affected by RHSA-2019:0910?
RHSA-2019:0910 affects Red Hat Fuse 7.2 and earlier versions prior to the security fix.
What type of vulnerability is addressed in RHSA-2019:0910?
RHSA-2019:0910 addresses a deserialization flaw in the jackson-databind library.
Is there a workaround for RHSA-2019:0910?
There are no documented workarounds for RHSA-2019:0910, so updating is the recommended solution.