[SECURITY] [DLA 4350-1] tika security update
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4350-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Paride Legovini
October 26, 2025                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package        : tika
Version        : 1.22-2+deb11u1
CVE ID         : CVE-2025-54988

A vulnerability has been fixed in the tika package, which distributes the
Apache Tika content analysis toolkit. The vulnerability affects the
tika-parser-pdf-module component and allows an attacker to carry out XML
External Entity injection via a crafted XFA file inside of a PDF. An attacker
may be able to read sensitive data or trigger malicious requests to internal
resources or third-party servers.

For Debian 11 bullseye, this problem has been fixed in version
1.22-2+deb11u1.

We recommend that you upgrade your tika packages.

For the detailed security status of tika please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tika

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS