Explore top 10 tips to secure your open-source projects now. Read More
×The security update for bookworm also contains the fix for CVE-2024-29025.
Julien Viet discovered that Netty was vulnerable to allocation of resources
without limits or throttling due to the accumulation of data in the
HttpPostRequestDecoder. This would allow an attacker to cause a denial of
service.
For the oldstable distribution (bookworm), these problems have been fixed
in version 1:4.1.48-7+deb12u2.
For the stable distribution (trixie), these problems have been fixed in
version 1:4.1.48-10+deb13u1.
We recommend that you upgrade your netty packages.
For the detailed security status of netty please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/netty
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Get the latest Linux and open source security news straight to your inbox.