
SUSE: netty Moderate Security Update CVE-2025-67735 Advisory 2025:4489-1

December 19, 2025
Maintain your SUSE system's security with the latest netty patch addressing request smuggling vulnerabilities.
An update that solves one vulnerability can now be installed.

Summary

This update for netty fixes the following issues:

Update to upstream version 4.1.130.

Security issues fixed:

* CVE-2025-67735: lack of URI sanitization in `HttpRequestEncoder` allows for CRLF injection through a request URI and can lead to request smuggling (bsc#1255048).

Other updates and bugfixes:

* Version 4.1.130:
  * Update `lz4-java` version to 1.10.1
  * Close `Channel` and fail bootstrap when setting a `ChannelOption` causes an error
  * Discard the following `HttpContent` for preflight request
  * Fix race condition in `NonStickyEventExecutorGroup` causing incorrect `inEventLoop()` results
  * Fix Zstd compression for large data
  * Fix `ZstdEncoder` not producing data when source is smaller than block
  * Make big endian ASCII hashcode consistent with little endian
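For applications that build outbound request URIs from untrusted input, an application-side check can sit in front of the client as defense in depth alongside this update. The following is an added example, not netty's code and not the upstream fix; the class and method names are hypothetical, and the rule it applies (reject all control characters, space and DEL) is an assumption chosen to be strict.

```java
import java.util.List;

public class RequestUriGuard {

    /** Returns the URI unchanged, or throws if it could terminate or split the request line. */
    static String requireSafeRequestUri(String uri) {
        if (uri == null || uri.isEmpty()) {
            throw new IllegalArgumentException("empty request URI");
        }
        for (int i = 0; i < uri.length(); i++) {
            char c = uri.charAt(i);
            // CR and LF end the request line; space separates its three fields.
            // Other control characters and DEL have no place in a request target.
            if (c <= 0x20 || c == 0x7f) {
                throw new IllegalArgumentException(String.format(
                        "illegal character 0x%02x at index %d in request URI", (int) c, i));
            }
        }
        return uri;
    }

    /** Counts the lines a receiver would see before the blank line if the URI were written as-is. */
    static int headerLineCount(String method, String uri, String host) {
        String wire = method + " " + uri + " HTTP/1.1\r\nHost: " + host + "\r\n\r\n";
        String head = wire.substring(0, wire.indexOf("\r\n\r\n"));
        return head.split("\r\n", -1).length;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one ordinary URI, one carrying CR LF.
        List<String> uris = List.of("/search?q=netty", "/search?q=a\r\nX-Injected: 1");
        for (String uri : uris) {
            int lines = headerLineCount("GET", uri, "example.test");
            System.out.println("lines before blank line if unchecked: " + lines);
            try {
                requireSafeRequestUri(uri);
                System.out.println("accepted");
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Calling `requireSafeRequestUri` at the point where the URI string is assembled keeps the rejection close to the untrusted input and makes the failure visible in application logs.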

References

* bsc#1255048

Cross-References

* CVE-2025-67735

CVSS scores:

* CVE-2025-67735 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2025-67735 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2025-67735 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* openSUSE Leap 15.6

* SUSE Linux Enterprise Desktop 15 SP7

* SUSE Linux Enterprise Real Time 15 SP7

* SUSE Linux Enterprise Server 15 SP7

* SUSE Linux Enterprise Server for SAP Applications 15 SP7

* SUSE Package Hub 15 15-SP7

References:

* https://www.suse.com/security/cve/CVE-2025-67735.html

* https://bugzilla.suse.com/show_bug.cgi?id=1255048

Announcement ID: SUSE-SU-2025:4489-1
Release Date: 2025-12-19T11:02:03Z
Rating: moderate
