Home / mailings [USN-8324-1] Apache Tika vulnerabilities
Posted on 27 May 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8324-1
May 27, 2026
tika vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Apache Tika.
Software Description:
- tika: A content analysis toolkit
Details:
It was discovered that Apache Tika incorrectly handled XML external
entities when parsing XFA content in PDF files. An attacker could possibly
use this issue to obtain sensitive information or send malicious requests
to internal resources or third-party servers.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libtika-java 1.22-2+deb11u1build0.22.04.1
Ubuntu 20.04 LTS
libtika-java 1.22-1ubuntu0.1~esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8324-1
CVE-2025-54988, CVE-2025-66516
Package Information:
https://launchpad.net/ubuntu/+source/tika/1.22-2+deb11u1build0.22.04.1
--===============1316531470512636085==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
