Debian Security Advisory
DLA-2161-1 tika -- LTS security update
- Date Reported:
- 28 Mar 2020
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 954302, Bug 954303.
In Mitre's CVE dictionary: CVE-2020-1950, CVE-2020-1951.
- More information:
Two security issues have been detected in tika.
carefully crafted or corrupt PSD file can cause excessive memory usage in Apache.
Infinite Loop (DoS) vulnerability in Apache Tika's PSDParser.
For Debian 8
Jessie, these problems have been fixed in version 1.5-1+deb8u1.
We recommend that you upgrade your tika packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS