Debian 10261 Published by

A libxstream-java security update has been released for Debian GNU/Linux 8 Extended LTS to address a potential remote denial of service (DoS) attack.



ELA-564-1 libxstream-java security update

Package libxstream-java
Version 1.4.11.1-1+deb8u5
Related CVEs CVE-2021-43859
It was discovered that there was a potential remote denial of service (DoS) attack in XStream, a Java library used to serialize objects to XML and back again.

An attacker could have consumed 100% of the CPU resources, but the library now monitors and accumulates the time it takes to add elements to collections, and throws an exception if a set threshold is exceeded.

For Debian 8 Jessie, these problems have been fixed in version 1.4.11.1-1+deb8u5.

We recommend that you upgrade your libxstream-java packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-564-1 libxstream-java security update