Tuesday, April 21, 2026

[USN-8191-1] Apache Commons IO vulnerability

==========================================================================
Ubuntu Security Notice USN-8191-1
April 21, 2026

commons-io vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Apache Commons IO could be made to crash if it received specially crafted
input.

Software Description:
- commons-io: library of utilities to assist with developing IO functionality

Details:

It was discovered that Apache Commons IO's XmlStreamReader class could
excessively consume CPU resources under certain circumstances. An attacker
could possibly use this issue to cause Apache Commons IO to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libcommons-io-java              2.11.0-2ubuntu0.24.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libcommons-io-java              2.11.0-2ubuntu0.22.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libcommons-io-java              2.6-2ubuntu0.20.04.1+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libcommons-io-java              2.6-2ubuntu0.18.04.1+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libcommons-io-java              2.4-2ubuntu0.16.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  libcommons-io-java              2.4-2ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8191-1
  CVE-2024-47554
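To audit hosts against the fixed versions listed under "Update instructions", the installed package version has to be compared with Debian version ordering, where `~esm1` sorts below the bare version string and `+esm1` sorts above it. The following is an added example, not part of the notice and not dpkg's or Canonical's code; the function names are hypothetical, and the installed version is assumed to be supplied by the caller.

```python
# Added example (not dpkg's or Canonical's code): Debian-style version ordering.
FIXED = {  # release -> fixed libcommons-io-java version, copied from the notice
    "24.04": "2.11.0-2ubuntu0.24.04.1~esm1",
    "22.04": "2.11.0-2ubuntu0.22.04.1~esm1",
    "20.04": "2.6-2ubuntu0.20.04.1+esm1",
    "18.04": "2.6-2ubuntu0.18.04.1+esm1",
    "16.04": "2.4-2ubuntu0.16.04.1~esm1",
    "14.04": "2.4-2ubuntu0.1~esm2",
}

def _is_digit(ch):
    return "0" <= ch <= "9"  # ASCII digits only; False for "" (end of string)

def _order(ch):
    # Sort weight of a non-digit: '~' < end of string < letters < other symbols.
    if ch == "" or _is_digit(ch):
        return 0
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare one component by alternating non-digit runs and numeric runs.
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not _is_digit(a[i])) or (j < len(b) and not _is_digit(b[j])):
            ca, cb = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ca != cb:
                return -1 if ca < cb else 1
            i, j = i + 1, j + 1
        si, sj = i, j
        while i < len(a) and _is_digit(a[i]):
            i += 1
        while j < len(b) and _is_digit(b[j]):
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)  # numeric, so 11 > 6
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "0")
    return int(epoch), upstream, rev

def compare_versions(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    return compare_versions(installed, FIXED[release]) >= 0
```

On a host, the installed version can be read with `dpkg-query -W -f='${Version}' libcommons-io-java`, and `dpkg --compare-versions` performs the same comparison natively.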
