A libjettison-java security update has been released for Debian GNU/Linux 9 Extended LTS to address several flaws where specially crafted user input may cause a denial of service via out-of-memory or stack overflow errors.
ELA-762-1 libjettison-java security update
Package : libjettison-java
Version : 1.5.3-1~deb9u1 (stretch)
Related CVEs :
CVE-2022-40150
CVE-2022-45685
CVE-2022-45693
Several flaws have been discovered in libjettison-java, a collection of StAX parsers and writers for JSON. Specially crafted user input may cause a denial of service via out-of-memory or stack overflow errors. In addition, a build failure related to the update was fixed in jersey1.