Home / mailingsPDF  

[USN-8364-1] Apache Commons Lang vulnerability

Posted on 02 June 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8364-1
June 02, 2026

libcommons-lang-java, libcommons-lang3-java vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Apache Commons Lang could be made to crash if it received specially crafted input.

Software Description:
- libcommons-lang-java: an extension of the java.lang package
- libcommons-lang3-java: an extension of the java.lang package

Details:

It was discovered that Apache Commons Lang incorrectly handled recursion
in the ClassUtils.getClass method. An attacker could possibly use this
issue to cause Apache Commons Lang to crash, resulting in a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libcommons-lang-java 2.6-10ubuntu0.1
libcommons-lang3-java 3.14.0-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
libcommons-lang-java 2.6-9ubuntu0.22.04.1
libcommons-lang3-java 3.11-1ubuntu0.1

Ubuntu 20.04 LTS
libcommons-lang-java 2.6-9ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
libcommons-lang3-java 3.8-2ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libcommons-lang-java 2.6-8ubuntu0.1~esm1
Available with Ubuntu Pro
libcommons-lang3-java 3.8-1~18.04.2+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libcommons-lang-java 2.6-6ubuntu2+esm1
Available with Ubuntu Pro
libcommons-lang3-java 3.4-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 14.04 LTS
libcommons-lang-java 2.6-3ubuntu2+esm1
Available with Ubuntu Pro
libcommons-lang3-java 3.2.1-1ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8364-1
CVE-2025-48924

Package Information:
https://launchpad.net/ubuntu/+source/libcommons-lang-java/2.6-9ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/libcommons-lang3-java/3.11-1ubuntu0.1

--===============5580904279574651965==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :