Debian Jackson-Core Vulnerability Poses DoS Risk

Severity: High (Score: 72.0)

Sources: Linuxsecurity

Published: 2026-06-10 · Updated: 2026-06-11

Keywords: jackson, packages, debian, please, note, related, complementary

Severity indicators: ot

Summary

A critical vulnerability in the Jackson-Core library has been identified, affecting multiple Debian distributions. The vulnerability, associated with CVE-2025, allows for potential Denial of Service (DoS) attacks. Affected packages include jackson-databind and jackson-dataformat-smile, which require upgrades to mitigate build failures. For Debian 11 (Bullseye), the fix is available in version 2.14.1-2~deb11u1, while Debian 12 (Bookworm) and Debian 13 (Trixie) have their respective fixes in versions 2.14.1-2~deb12u1 and 2.14.1-2~deb13u1. Users are strongly advised to upgrade their jackson-core packages to ensure system security. The vulnerability was highlighted in a recent advisory, emphasizing the urgency of the situation.

Key Points:

  • A critical DoS vulnerability in Jackson-Core affects multiple Debian distributions.
  • Users must upgrade to specific versions to mitigate the risk of exploitation.
  • The vulnerability is tracked under CVE-2025, with fixes available for Bullseye, Bookworm, and Trixie.

Detailed Analysis

**Impact** Debian users running jackson-core and related jackson-* packages across multiple distributions (Debian 11 Bullseye, Bookworm, and Trixie) are affected. The vulnerability poses a Denial of Service (DoS) risk, potentially disrupting applications relying on these libraries. No specific sectors, geographies, or data at risk are detailed in the sources.

**Technical Details** The issue involves build failures and a DoS vulnerability in the jackson-core library, tracked under CVE-2025 (exact number not fully specified). Related jackson-* packages such as jackson-databind and jackson-dataformat-* also require updates due to upstream changes. No attack vectors, malware, or IOCs are provided in the articles.

**Recommended Response** Apply the updated package versions promptly: 2.14.1-2~deb11u1 for Debian 11 Bullseye, 2.14.1-2~deb12u1 for Bookworm, and 2.14.1-2~deb13u1 for Trixie. Upgrade all related jackson-* packages to prevent build failures and mitigate DoS risk. Monitor Debian security advisories and the jackson-core security tracker for further updates.

Source articles (2)

  • Debian jackson — Linuxsecurity · 2026-06-08
    Please note that related and complementary jackson-* packages like jackson-databind or the jackson-dataformat-* packages had to be upgraded as well in order to fix build failures caused by the newer…
  • Debian jackson-core Important DoS Attack Risk DSA-6336-1 CVE-2025 — Linuxsecurity · 2026-06-10
    Please note that related and complementary jackson-* packages like jackson-databind or jackson-dataformat-smile had to be upgraded as well in order to fix build failures caused by the changes to jack…

Timeline

  • 2026-06-08 — Debian Jackson-Core vulnerability advisory published: Linuxsecurity reported on the need to upgrade jackson-core packages due to build failures.
  • 2026-06-10 — CVE-2025 identified as a DoS risk: The vulnerability in Jackson-Core was confirmed to allow Denial of Service attacks, prompting urgent upgrades.

Related entities

  • Denial of Service (Attack Type)
  • Linux (Platform)