|
|
Subscribe / Log in / New account

Debian alert DLA-4262-1 (libcommons-lang-java)



From:
              Daniel Leidert <dleidert@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 4262-1] libcommons-lang-java security update


Date:
              Fri, 01 Aug 2025 05:23:04 +0200


Message-ID:
              <ce1d14125b72748c94e882adf063b54139fce5ac.camel@debian.org>


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4262-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Daniel Leidert
August 01, 2025                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libcommons-lang-java
Version        : 2.6-9+deb11u1
CVE ID         : CVE-2025-48924
Debian Bug     : 1109126

A vulnerability has been discovered in libcommons-lang-java, a set of
Java classes that provide helper methods for standard Java classes.

CVE-2025-48924

   An uncontrolled recursion vulnerability was discovered in
   ClassUtils.getClass() that could lead to a StackOverflowError on
   very long inputs.

For Debian 11 bullseye, this problem has been fixed in version
2.6-9+deb11u1.

We recommend that you upgrade your libcommons-lang-java packages.

For the detailed security status of libcommons-lang-java please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libcommons-lang-java

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmiMMxgACgkQS80FZ8KW
0F3Crg/+KwHAI1OUQPrDMsuQAOdQKGTn8ueLy+F6qz1gqS+FsTPdSCjoJWokwcIz
3JC6XnLl8JqgYw2Ps/rOIwMgY+zw7+lEl1TUDbyVpW+SQKOpDnp8zTfsB/H/nHMk
PDX6PEP2No0tnlbMyUqin/tKtkZy44F2WADBMhbCylbbgthn1y++Noz9Me4EOcqM
DW3H6D3JlnRlbSBVcjfD/1hrgKh62SE9+dJb3cg18wgedLBXbOKQ3q7UaeUXlEM1
+eNGwS96WiqEZst3A+tWgE53JY/2gykwjr7oImmf2yCw9aSW2jdMzFP9rCUvbKBk
YceZhW8iSVKPhfT0+b8fvtwjEzzQkTQsu4TNkVv1eVv0SXXcVGKFMgq5yvRSTvNw
EUwftIR8o0IES2lF4o3B6olKzcE7VriXKqW0/CpJ0KSoT4S5/9VGhSJm1zuFpinC
m+GpND8b2ws8W2phnfA5vvjdeAZ0+LJjRgFeQteji7eqcoEdSpleeyas1uK2rbkZ
WDy2HEQLlzQxp3uf/KbnW4TGlmRV4luCM8QJluafL610pBYTDXWAmFJ1P+BwoRQx
hA5bt53PMIcsFFmvDdU9RSMzF7+ZU+sKTr0F3/y/Zo4SiXijixqkGToO5OCyWw04
d/9fB8WwO9dLVbrbBMBCs21FEi/Q+pHrmCnKxwKR6kC6sWqZ2xI=
=9TUZ
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds