| Package | libxstream-java |
|---|---|
| Version | 1.4.11.1-1+deb8u5 |
| Related CVEs | CVE-2021-43859 |
It was discovered that there was a potential remote denial of service (DoS) attack in XStream, a Java library used to serialize objects to XML and back again.
An attacker could have consumed 100% of the CPU resources, but the library now monitors and accumulates the time it takes to add elements to collections, and throws an exception if a set threshold is exceeded.
For Debian 8 Jessie, these problems have been fixed in version 1.4.11.1-1+deb8u5.
We recommend that you upgrade your libxstream-java packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.