Several security issues were fixed in resteasy, resteasy3.0.
Software Description:
- resteasy: A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications
- resteasy3.0: A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications
Details:
It was discovered that RESTEasy made insufficient use of random values in
asynchronous jobs. An attacker could possibly use this issue to steal
user data. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-6345)
It was discovered that RESTEasy enabled a vulnerable GZIP decompression
module by default. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-6346)
It was discovered that RESTEasy improperly made use of unsanitized data
while handling certain errors. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code.
This issue ...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libresteasy-java 3.6.2-3ubuntu0.25.04.1
libresteasy3.0-java 3.0.26-6ubuntu0.25.04.1
Ubuntu 24.10
libresteasy3.0-java 3.0.26-6ubuntu0.24.10.1
Ubuntu 24.04 LTS
libresteasy3.0-java 3.0.26-6ubuntu0.24.04.1
Ubuntu 22.04 LTS
libresteasy3.0-java 3.0.26-3ubuntu0.1
Ubuntu 20.04 LTS
libresteasy3.0-java 3.0.26-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libresteasy3.0-java 3.0.26-1~18.04.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libresteasy-java 3.0.6-3ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7630-1
CVE-2016-6345, CVE-2016-6346, CVE-2016-6347, CVE-2016-6348,
CVE-2016-7050, CVE-2020-10688, CVE-2020-1695, CVE-2020-25633,
CVE-2021-20289, CVE-2023-0482, CVE-2024-9622
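To check a host against the fixed versions listed above, the installed package version has to be compared using Debian version ordering, where a "~" suffix sorts before the bare version and plain string comparison gives wrong answers. The following is an added example, not part of the Ubuntu notice: the version table is copied from this page, while the function names (`deb_compare`, `status`) and the sample installed versions in use are assumptions made for illustration.

```python
import re

# Fixed versions copied from the package list in this notice.
FIXED = {
    "25.04": {"libresteasy-java": "3.6.2-3ubuntu0.25.04.1",
              "libresteasy3.0-java": "3.0.26-6ubuntu0.25.04.1"},
    "24.10": {"libresteasy3.0-java": "3.0.26-6ubuntu0.24.10.1"},
    "24.04": {"libresteasy3.0-java": "3.0.26-6ubuntu0.24.04.1"},
    "22.04": {"libresteasy3.0-java": "3.0.26-3ubuntu0.1"},
    "20.04": {"libresteasy3.0-java": "3.0.26-1ubuntu0.1~esm1"},
    "18.04": {"libresteasy3.0-java": "3.0.26-1~18.04.1~esm1"},
    "16.04": {"libresteasy-java": "3.0.6-3ubuntu0.1~esm1"},
}

def _rank(c):
    # '~' sorts before everything, even end of string; letters sort before other symbols.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _key(part):
    # Each (non-digit run, digit run) pair becomes (character ranks + 0 terminator, integer).
    return [([_rank(c) for c in text] + [0], int(num or 0))
            for text, num in re.findall(r"([^0-9]*)([0-9]*)", part)]

def version_key(v):
    # [epoch:]upstream[-revision]; a missing epoch or revision counts as 0.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return int(epoch), _key(upstream), _key(rev)

def deb_compare(a, b):
    ka, kb = version_key(a), version_key(b)
    return (ka > kb) - (ka < kb)

def status(release, package, installed):
    # "not-listed" means this notice gives no fixed version for that release/package pair.
    fixed = FIXED.get(release, {}).get(package)
    if fixed is None:
        return "not-listed"
    return "patched" if deb_compare(installed, fixed) >= 0 else "vulnerable"
```

The installed version to pass in can be read on the host with `dpkg-query -W -f='${Version}' libresteasy3.0-java`.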