Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2022:1271-1 Critical: Netty Request Smuggling and Memory Fix

suse
Calendar Grey April 20, 2022
Dist Suse Esm H88
SUSE has introduced a vital update for netty, addressing five significant vulnerabilities, thus improving the security of your systems.
An update that fixes 5 vulnerabilities is now available

Summary

This update for netty fixes the following issues: - Updated to version 4.1.75: - CVE-2021-37136: Fixed an unrestricted decompressed data size in Bzip2Decoder (bsc#1190610). - CVE-2021-37137: Fixed an unrestricted chunk length in SnappyFrameDecoder, which might lead to excessive memory usage (#bsc#1190613). - CVE-2021-43797: Fixed a potential HTTP request smuggling issue due to insufficient validation against control characters (bsc#1193672). - CVE-2021-21290: Fixed an information disclosure via the local system temporary directory (bsc#1182103). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4:

Topics%20covered

Topics Covered

security advisory important system update memory management data handling request smuggling netty

References

#1182103 #1183262 #1190610 #1190613 #1193672

Cross- CVE-2021-21290 CVE-2021-21295 CVE-2021-37136

CVE-2021-37137 CVE-2021-43797

CVSS scores:

CVE-2021-21290 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-21290 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2021-21295 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2021-21295 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2021-37136 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-37136 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-37137 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-37137 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:1271-1
Rating: important

Topics%20covered

Topics Covered

security advisory important system update memory management data handling request smuggling netty

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here