{"id":"ALSA-2020:1644","summary":"Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update","details":"The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig (CVE-2019-14540)\n\n* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n\n* jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* (CVE-2019-16942)\n\n* jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource (CVE-2019-16943)\n\n* jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* (CVE-2019-17531)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.","modified":"2026-02-04T04:19:10.089814Z","published":"2020-04-28T09:00:20Z","related":["CVE-2019-14540","CVE-2019-16335","CVE-2019-16942","CVE-2019-16943","CVE-2019-17531"],"references":[{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2020-1644.html"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-14540"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-16335"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-16942"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-16943"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-17531"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-20330"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-10672"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-10673"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-8840"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-9546"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-9547"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-9548"}],"affected":[{"package":{"name":"apache-commons-collections","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/apache-commons-collections"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.2-10.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"apache-commons-lang","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/apache-commons-lang"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6-21.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"bea-stax-api","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/bea-stax-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.0-16.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"glassfish-fastinfoset","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/glassfish-fastinfoset"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.13-9.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"glassfish-jaxb-api","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/glassfish-jaxb-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.12-8.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"glassfish-jaxb-core","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/glassfish-jaxb-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.11-11.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"glassfish-jaxb-runtime","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/glassfish-jaxb-runtime"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.11-11.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"glassfish-jaxb-txw2","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/glassfish-jaxb-txw2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.11-11.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"jackson-annotations","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jackson-annotations"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.0-1.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"jackson-core","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jackson-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.0-1.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"jackson-databind","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jackson-databind"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.0-1.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"jackson-jaxrs-json-provider","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jackson-jaxrs-json-provider"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.9-1.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"jackson-jaxrs-providers","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jackson-jaxrs-providers"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.9-1.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"jackson-module-jaxb-annotations","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jackson-module-jaxb-annotations"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.6-4.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"jakarta-commons-httpclient","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jakarta-commons-httpclient"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.1-28.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"javassist","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/javassist"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18.1-8.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"javassist-javadoc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/javassist-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18.1-8.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"python-nss-doc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python-nss-doc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1-10.module_el8.5.0+2577+9e95fe00.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"python3-nss","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-nss"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1-10.module_el8.5.0+2577+9e95fe00.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"relaxngDatatype","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/relaxngDatatype"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2011.1-7.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"slf4j","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/slf4j"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.25-4.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"slf4j-jdk14","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/slf4j-jdk14"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.25-4.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"stax-ex","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/stax-ex"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.7-8.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"velocity","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/velocity"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7-24.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"xalan-j2","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xalan-j2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.1-38.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"xerces-j2","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xerces-j2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.11.0-34.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"xml-commons-apis","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xml-commons-apis"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.01-25.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"xml-commons-resolver","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xml-commons-resolver"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2-26.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"xmlstreambuffer","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xmlstreambuffer"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.4-8.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}},{"package":{"name":"xsom","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xsom"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0-19.20110809svn.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1644.json"}}],"schema_version":"1.7.3"}