4 security issues in buster

package:
resteasy3.0
severity:
high
created:
2018-12-11
last updated:
2019-03-23

There are 4 open security issues in buster.
4 important issues:
  • CVE-2016-6345: RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs.
  • CVE-2016-6346: RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
  • CVE-2016-6348: JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
  • CVE-2016-6347: Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Please fix them.