USN-4564-1: Apache Tika vulnerabilities

05 October 2020

Apache Tika could be made to crash if it opened a specially crafted file.

Releases

Packages

  • tika - A content analysis toolkit

Details

It was discovered that Apache Tika can have an excessive memory usage by
using a crafted or corrupt PSD file. An attacker could use it to cause a
denial of service (crash). (CVE-2020-1950, CVE-2020-1951)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04

In general, a standard system update will make all the necessary changes.