Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 16.04 LTS: USN-4564-1 Moderate: Apache Tika Denial of Service

ubuntu
Calendar Grey October 6, 2020
Dist Ubuntu Esm H88
Deploying Apache Tika on Ubuntu can introduce vulnerabilities during file processing. Use strategies like updates, file type restrictions, and sandboxing to enhance security.
Apache Tika could be made to crash if it opened a specially crafted file.

Summary

Apache Tika could be made to crash if it opened a specially crafted

file.

Software Description:

- tika: A content analysis toolkit

Details:

It was discovered that Apache Tika can have an excessive memory usage by

using a crafted or corrupt PSD file. An attacker could use it to cause a

denial of service (crash). (CVE-2020-1950, CVE-2020-1951)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libtika-java                    1.5-4ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4564-1

CVE-2020-1950, CVE-2020-1951

=========================================================================Ubuntu Security Notice USN-4564-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here