Debian alert DLA-4111-1 (commons-vfs)
From: Markus Koschany <apo@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4111-1] commons-vfs security update
Date: Wed, 02 Apr 2025 22:09:47 +0200
Message-ID: <dd74d1fc73919b9ec8d037de17f99eb9e4d974e6.camel@debian.org>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4111-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
April 02, 2025                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : commons-vfs
Version        : 2.1-2+deb11u1
CVE ID         : CVE-2025-27553
Debian Bug     : 1101204

Arnout Engelen discovered a Relative Path Traversal vulnerability in
Commons VFS, a Java library that provides a single API for accessing
various different file systems. A local or remote attacker may use this
flaw to access files and directories outside of a root folder.

For Debian 11 bullseye, this problem has been fixed in version
2.1-2+deb11u1.

We recommend that you upgrade your commons-vfs packages.

For the detailed security status of commons-vfs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/commons-vfs

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS