Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu 25.04 USN-7630-1 critical: RESTEasy denial of service

ubuntu
Calendar Grey July 11, 2025
Dist Ubuntu Esm H88
Numerous vulnerabilities addressed in RESTEasy highlight severe threats to user privacy and application reliability.
Several security issues were fixed in resteasy, resteasy3.0.

Summary

Several security issues were fixed in resteasy, resteasy3.0.

Software Description:

- resteasy: A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications

- resteasy3.0: A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications

Details:

It was discovered that RESTEasy made insufficient use of random values in

asynchronous jobs. An attacker could possibly use this issue to steal

user data. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-6345)

It was discovered that RESTEasy enabled a vulnerable GZIP decompression

module by default. An attacker could possibly use this issue to cause a

denial of service. This issue only affected Ubuntu 14.04 LTS.

(CVE-2016-6346)

It was discovered that RESTEasy improperly made use of unsanitized data

while handling certain errors. An attacker could possibly use this issue

to cause a denial of service or execute arbitrary code.

This issue ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  libresteasy-java                3.6.2-3ubuntu0.25.04.1
  libresteasy3.0-java             3.0.26-6ubuntu0.25.04.1

Ubuntu 24.10
  libresteasy3.0-java             3.0.26-6ubuntu0.24.10.1

Ubuntu 24.04 LTS
  libresteasy3.0-java             3.0.26-6ubuntu0.24.04.1

Ubuntu 22.04 LTS
  libresteasy3.0-java             3.0.26-3ubuntu0.1

Ubuntu 20.04 LTS
  libresteasy3.0-java             3.0.26-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libresteasy3.0-java             3.0.26-1~18.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libresteasy-java                3.0.6-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7630-1

CVE-2016-6345, CVE-2016-6346, CVE-2016-6347, CVE-2016-6348,

CVE-2016-7050, CVE-2020-10688, CVE-2020-1695, CVE-2020-25633,

CVE-2021-20289, CVE-2023-0482, CVE-2024-9622

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7630-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here