
[SECURITY] [DLA 2924-1] libxstream-java security update




-------------------------------------------------------------------------
Debian LTS Advisory DLA-2924-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
February 15, 2022                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libxstream-java
Version        : 1.4.11.1-1+deb9u5
CVE ID         : CVE-2021-43859

It was discovered that there was a potential remote denial of service
(DoS) attack in XStream, a Java library used to serialize objects to
XML and back again.

An attacker could have consumed 100% of the CPU resources, but the
library now monitors and accumulates the time it takes to add
elements to collections, and throws an exception if a set threshold
is exceeded.
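
The mitigation described above, sketched as an added example that is not XStream's own code: a guard that accumulates the time spent adding elements to collections and throws once a threshold is exceeded. The names InsertBudget and SlowKey, the 50 ms limit and the 5 ms delay are assumptions chosen for illustration.

```java
import java.util.Collection;
import java.util.HashSet;

// Added illustration of a cumulative time budget around collection inserts.
// InsertBudget, SlowKey and the threshold are hypothetical, not XStream classes.
public class CollectionBudgetDemo {

    /** Accumulates time spent in add() and aborts once the budget is used up. */
    static final class InsertBudget {
        private final long limitNanos;
        private long spentNanos;

        InsertBudget(long limitMillis) {
            this.limitNanos = limitMillis * 1_000_000L;
        }

        <T> void add(Collection<T> target, T element) {
            long start = System.nanoTime();
            target.add(element);                      // may hash or compare the element
            spentNanos += System.nanoTime() - start;  // accumulate across all inserts
            if (spentNanos > limitNanos) {
                throw new IllegalStateException(
                    "collection update budget exceeded after " + target.size() + " elements");
            }
        }
    }

    /** Constructed stand-in for an element whose hashCode is expensive to compute. */
    static final class SlowKey {
        private final int id;
        SlowKey(int id) { this.id = id; }
        @Override public int hashCode() {
            try { Thread.sleep(5); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
            return id;
        }
        @Override public boolean equals(Object o) {
            return o instanceof SlowKey && ((SlowKey) o).id == id;
        }
    }

    public static void main(String[] args) {
        InsertBudget budget = new InsertBudget(50);   // 50 ms in total, shared by every insert
        Collection<SlowKey> set = new HashSet<>();
        try {
            for (int i = 0; i < 1000; i++) {
                budget.add(set, new SlowKey(i));
            }
            System.out.println("all elements added");
        } catch (IllegalStateException e) {
            System.out.println("aborted: " + e.getMessage());
        }
    }
}
```

Because the budget is cumulative rather than per insert, input made of many individually cheap but collectively slow insertions is still cut off, and the caller sees an exception instead of a pinned CPU.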

For Debian 9 "Stretch", this problem has been fixed in version
1.4.11.1-1+deb9u5.

We recommend that you upgrade your libxstream-java packages.

For the detailed security status of libxstream-java please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxstream-java

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
