-------------------------------------------------------------------------
Debian LTS Advisory DLA-2924-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Chris Lamb
February 15, 2022                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libxstream-java
Version        : 1.4.11.1-1+deb9u5
CVE ID         : CVE-2021-43859

It was discovered that there was a potential remote denial of service
(DoS) attack in XStream, a Java library used to serialize objects to XML
and back again.

An attacker could have consumed 100% of the CPU resources, but the
library now monitors and accumulates the time it takes to add elements
to collections, and throws an exception if a set threshold is exceeded.

For Debian 9 "Stretch", this problem has been fixed in version
1.4.11.1-1+deb9u5.

We recommend that you upgrade your libxstream-java packages.

For the detailed security status of libxstream-java please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxstream-java

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
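
The following is an added example, not part of the Debian advisory: it checks recorded libxstream-java versions against the fixed version named above using Debian's version ordering, under which +deb9u10 sorts after +deb9u5 (a plain string comparison gets this wrong). The host names and inventory are constructed, and the comparison is only meaningful for Debian 9 "Stretch" hosts.

```python
import re

FIXED = "1.4.11.1-1+deb9u5"  # fixed libxstream-java version for Debian 9, from the advisory

def _order(c):
    # dpkg ordering inside a non-digit run: '~' first, then letters, then the rest.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, the way dpkg orders versions.
    while a or b:
        pa, pb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        ka = [_order(c) for c in pa] + [0]  # 0 marks the end of the run
        kb = [_order(c) for c in pb] + [0]
        if ka != kb:
            return -1 if ka < kb else 1
        a, b = a[len(pa):], b[len(pb):]
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        na, nb = int(da or 0), int(db or 0)  # numeric, so 10 > 5
        if na != nb:
            return -1 if na < nb else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch counts as 0.
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, rev = rest.rpartition("-")
    if not sep:
        upstream, rev = rest, ""
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_upgrade(inventory):
    # Hosts whose recorded version sorts before the fixed version.
    return sorted(h for h, v in inventory.items() if deb_cmp(v, FIXED) < 0)

# Constructed inventory, e.g. gathered with: dpkg-query -W -f='${Version}' libxstream-java
SAMPLE = {"build-01": "1.4.11.1-1+deb9u4", "ci-02": "1.4.11.1-1+deb9u5",
          "app-03": "1.4.11.1-1+deb9u10", "legacy-04": "1.4.11.1-1"}

if __name__ == "__main__":
    print(needs_upgrade(SAMPLE))
```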