Debian LTS: DLA-3259-1: libjettison-java security update | LinuxSec...
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3259-1                [email protected]
https://www.debian.org/lts/security/                      Markus Koschany
December 31, 2022                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libjettison-java
Version        : 1.5.3-1~deb10u1
CVE ID         : CVE-2022-40150 CVE-2022-45685 CVE-2022-45693
Debian Bug     : 1022553

Several flaws have been discovered in libjettison-java, a collection of StAX parsers and writers for JSON. Specially crafted user input may cause a denial of service via out-of-memory or stack overflow errors.
In addition a build failure related to the update was fixed in jersey1.
For Debian 10 buster, these problems have been fixed in version 1.5.3-1~deb10u1.
We recommend that you upgrade your libjettison-java packages.
For the detailed security status of libjettison-java please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libjettison-java
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3259-1: libjettison-java security update

December 31, 2022

Several flaws have been discovered in libjettison-java, a collection of StAX parsers and writers for JSON

Summary


Several flaws have been discovered in libjettison-java, a collection of StAX parsers and writers for JSON. Specially crafted user input may cause a denial of service via out-of-memory or stack overflow errors.
In addition a build failure related to the update was fixed in jersey1.
For Debian 10 buster, these problems have been fixed in version 1.5.3-1~deb10u1.
We recommend that you upgrade your libjettison-java packages.
For the detailed security status of libjettison-java please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libjettison-java
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity
Package : libjettison-java
Version : 1.5.3-1~deb10u1
CVE ID : CVE-2022-40150 CVE-2022-45685 CVE-2022-45693
Debian Bug : 1022553

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.