Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2022:3617-1 Critical Update: Resolving Netty Memory Vulnerabilities

suse
Calendar Grey October 18, 2022
Dist Suse Esm H88
Crucial SUSE Security Patch for netty fixes several issues concerning memory leaks and confidential data exposure.
An update that fixes four vulnerabilities is now available

Summary

This update for netty fixes the following issues: - CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream (bsc#1168932) - CVE-2021-21290: Information disclosure via the local system temporary directory (bsc#1182103) - CVE-2021-37136: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (bsc#1190610) - CVE-2021-37137: Snappy frame decoder doesn't restrict the chunk length and may buffer skippable chunks (bsc#1190613) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2:

Topics%20covered

Topics Covered

security advisory information disclosure suse memory allocation netty

References

#1168932 #1182103 #1190610 #1190613

Cross- CVE-2020-11612 CVE-2021-21290 CVE-2021-37136

CVE-2021-37137

CVSS scores:

CVE-2020-11612 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2020-11612 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2021-21290 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-21290 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2021-37136 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-37136 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-37137 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-37137 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3617-1
Rating: important

Topics%20covered

Topics Covered

security advisory information disclosure suse memory allocation netty

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here