Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Debian: DSA-5315-1 Critical: libxstream-java Denial of Service Fix

debian
Calendar Grey January 11, 2023
Debian Logo
Urgent notice regarding libxstream-java addressing potential denial of service via stack overflow vulnerabilities within Debian system. Immediate action recommended.
XStream serializes Java objects to XML and back again

Summary

XStream serializes Java objects to XML and back again. Versions prior to
1.4.15-3+deb11u2 may allow a remote attacker to terminate the application with
a stack overflow error, resulting in a denial of service only via manipulation
of the processed input stream. The attack uses the hash code implementation for
collections and maps to force recursive hash calculation causing a stack
overflow. This update handles the stack overflow and raises an
InputManipulationException instead.

For the stable distribution (bullseye), this problem has been fixed in
version 1.4.15-3+deb11u2.

We recommend that you upgrade your libxstream-java packages.

For the detailed security status of libxstream-java please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libxstream-java

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: libxstream-java
CVE ID: CVE-2022-41966

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.