Debian jackson-core High Severity Denial of Service Information Leak Fix
debian lts
June 8, 2026
Two security vulnerabilities have been found in jackson-core, a fast and powerful JSON library for Java, which may allow an attacker to cause a denial of service by using deeply ne...
Summary
Please note that related and complementary jackson-* packages like jackson-
databind or the jackson-dataformat-* packages had to be upgraded as well in
order to fix build failures caused by the newer upstream release of jackson-
core.
For Debian 11 bullseye, these problems have been fixed in version
2.14.1-2~deb11u1.
We recommend that you upgrade your jackson-* packages.
For the detailed security status of jackson-core please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jackson-core
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: jackson-core
Version: 2.14.1-2~deb11u1
CVE ID: CVE-2025-49128 CVE-2025-52999
Debian Bug: 1108367
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!