A libxstream-java security update has been released for Debian GNU/Linux 9 Extended LTS to address an issue where a remote attacker can terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream.