
SUSE: 2025:0590-1 important: netty security issues addressed

February 19, 2025
Urgent notice regarding netty and netty-tcnative highlights crucial vulnerabilities. Safeguard your infrastructure promptly.

Summary

This update for netty, netty-tcnative fixes the following issues:

* CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a native crash. (bsc#1237037)

* CVE-2025-25193: unsafe reading of environment files can lead to an application crash. (bsc#1237038)

Update to netty version 4.1.118 and netty-tcnative version 2.0.70 Final.

Other fixes:

* Fix recycling in CodecOutputList.

* StreamBufferingEncoder: do not send header frame with priority by default.

* Notify event loop termination future of unexpected exceptions.

* Fix AccessControlException in GlobalEventExecutor.

* AdaptivePoolingAllocator: round chunk sizes up and reduce chunk release frequency.

* Support BouncyCastle FIPS for reading PEM files.

* Dns: correctly encode DnsPtrRecord.

References

* bsc#1237037

* bsc#1237038

Cross-References:

* CVE-2025-24970

* CVE-2025-25193

CVSS scores:

* CVE-2025-24970 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-24970 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-25193 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-25193 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Development Tools Module 15-SP6

* openSUSE Leap 15.6

* SUSE Enterprise Storage 7.1

* SUSE Linux Enterprise Desktop 15 SP6

* SUSE Linux Enterprise High Performance Computing 15 SP3

* SUSE Linux Enterprise High Performance Computing 15 SP4

* SUSE Linux Enterprise High Performance Computing 15 SP5

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4

Severity: important

Announcement ID: SUSE-SU-2025:0590-1
Release Date: 2025-02-19T10:34:42Z
Rating: important
