A libxstream-java security update has been released for Debian GNU/Linux 8 Extended LTS to address a potential remote denial of service (DoS) attack.
ELA-564-1 libxstream-java security update
Package libxstream-java
ELA-564-1 libxstream-java security update
Version 1.4.11.1-1+deb8u5
Related CVEs CVE-2021-43859
It was discovered that there was a potential remote denial of service (DoS) attack in XStream, a Java library used to serialize objects to XML and back again.
An attacker could have consumed 100% of the CPU resources, but the library now monitors and accumulates the time it takes to add elements to collections, and throws an exception if a set threshold is exceeded.
For Debian 8 Jessie, these problems have been fixed in version 1.4.11.1-1+deb8u5.
We recommend that you upgrade your libxstream-java packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
