{"id":"ALSA-2024:3061","summary":"Moderate: pki-core:10.6 and pki-deps:10.6 security update","details":"The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.","modified":"2026-01-30T02:48:11.304350Z","published":"2024-05-22T00:00:00Z","related":["CVE-2020-36518"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:3061"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2020-36518"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2064698"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2024-3061.html"}],"affected":[{"package":{"name":"apache-commons-collections","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/apache-commons-collections"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.2-10.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"apache-commons-lang","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/apache-commons-lang"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6-21.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"apache-commons-net","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/apache-commons-net"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6-3.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"bea-stax-api","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/bea-stax-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.0-16.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"fasterxml-oss-parent","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fasterxml-oss-parent"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"49-1.module_el8.10.0+3791+e0637953"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"glassfish-fastinfoset","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/glassfish-fastinfoset"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.13-9.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"glassfish-jaxb-api","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/glassfish-jaxb-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.12-8.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"glassfish-jaxb-core","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/glassfish-jaxb-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.11-12.module_el8.10.0+3791+e0637953"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"glassfish-jaxb-runtime","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/glassfish-jaxb-runtime"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.11-12.module_el8.10.0+3791+e0637953"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"glassfish-jaxb-txw2","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/glassfish-jaxb-txw2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.11-12.module_el8.10.0+3791+e0637953"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"jackson-annotations","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jackson-annotations"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.14.2-1.module_el8.10.0+3791+e0637953"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"jackson-bom","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jackson-bom"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.14.2-1.module_el8.10.0+3791+e0637953"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"jackson-core","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jackson-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.14.2-1.module_el8.10.0+3791+e0637953"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"jackson-databind","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jackson-databind"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.14.2-1.module_el8.10.0+3791+e0637953"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"jackson-jaxrs-json-provider","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jackson-jaxrs-json-provider"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.14.2-1.module_el8.10.0+3791+e0637953"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"jackson-jaxrs-providers","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jackson-jaxrs-providers"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.14.2-1.module_el8.10.0+3791+e0637953"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"jackson-module-jaxb-annotations","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jackson-module-jaxb-annotations"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.14.2-2.module_el8.10.0+3791+e0637953"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"jackson-modules-base","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jackson-modules-base"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.14.2-2.module_el8.10.0+3791+e0637953"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"jackson-parent","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jackson-parent"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.14-1.module_el8.10.0+3791+e0637953"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"jakarta-commons-httpclient","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/jakarta-commons-httpclient"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.1-28.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"javassist","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/javassist"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18.1-8.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"javassist-javadoc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/javassist-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18.1-8.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"pki-servlet-engine","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pki-servlet-engine"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9.0.62-1.module_el8.10.0+3791+e0637953"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"relaxngDatatype","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/relaxngDatatype"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2011.1-7.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"slf4j","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/slf4j"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.25-4.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"slf4j-jdk14","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/slf4j-jdk14"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.25-4.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"stax-ex","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/stax-ex"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.7-8.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"velocity","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/velocity"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7-24.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"xalan-j2","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xalan-j2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.1-38.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"xerces-j2","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xerces-j2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.11.0-34.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"xml-commons-apis","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xml-commons-apis"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.01-25.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"xml-commons-resolver","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xml-commons-resolver"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2-26.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"xmlstreambuffer","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xmlstreambuffer"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.4-8.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}},{"package":{"name":"xsom","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xsom"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0-19.20110809svn.module_el8.5.0+2577+9e95fe00"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3061.json"}}],"schema_version":"1.7.3"}