Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu 7351-1: RESTEasy Security Advisory Updates

ubuntu
Calendar Grey March 13, 2025
Dist Ubuntu Esm H88
Critical security advisory for Ubuntu fixing multiple RESTEasy issues that could lead to information disclosure or DoS. Update recommended.
Several security issues were fixed in RESTEasy.

Summary

Several security issues were fixed in RESTEasy.

Software Description:

- resteasy: RESTEasy -- Framework for RESTful Web services and Java applications

Details:

Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding

when certain errors occur. An attacker could possibly use this issue to

modify the app's behavior for other users through the network.

(CVE-2020-10688)

Mirko Selber discovered that RESTEasy improperly validated user input

during HTTP response construction. This issue could possibly allow an

attacker to cause a denial of service or execute arbitrary code.

(CVE-2020-1695)

It was discovered that RESTEasy unintentionally disclosed potentially

sensitive server information to users during the handling of certain

errors. (CVE-2020-25633)

It was discovered that RESTEasy unintentionally disclosed parts of its code

to users during the handling of certain errors. (CVE-2021-20289)

It was discovered that RESTEasy used improper perm...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   libresteasy-java                3.6.2-2ubuntu0.24.10.1

Ubuntu 24.04 LTS
   libresteasy-java                3.6.2-2ubuntu0.24.04.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 22.04 LTS
   libresteasy-java                3.6.2-2ubuntu0.22.04.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   libresteasy-java                3.6.2-2ubuntu0.20.04.1~esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7351-1

CVE-2020-10688, CVE-2020-1695, CVE-2020-25633, CVE-2021-20289,

CVE-2023-0482, CVE-2024-9622

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7351-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here