Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

SUSE Important Security Update for netty Denial of Service 2026-2802-1

suse
Calendar Grey July 9, 2026
Dist Suse Esm H88
SUSE updates netty and netty-tcnative, addressing 18 security issues with important severity ratings.
An update that solves 18 vulnerabilities can now be installed.

Summary

## This update for netty, netty-tcnative fixes the following issue This update for netty, netty-tcnative fixes the following issues Upgrade netty to upstream version 4.1.135, netty-tcnative to upstream version 2.0.79: * CVE-2026-44249: IPv6 Subnet Filter Bypass via Incorrect Comparator Masking (bsc#1268165). * CVE-2026-44250: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays (bsc#1268169). * CVE-2026-44890: Unbounded Direct Memory Consumption in RedisDecoder (bsc#1268170). * CVE-2026-44893: netty-codec-haproxy: Denial of Service via malformed HAProxy message (bsc#1268244). * CVE-2026-45416: SNI handler pre-allocates up to 16 MiB from nine attacker bytes (bsc#1268246). * CVE-2026-45536: Unix-socket fd receive leaks descriptors when peer sends two at once (bsc#1268247).

References

* bsc#1268165

* bsc#1268169

* bsc#1268170

* bsc#1268244

* bsc#1268246

* bsc#1268247

* bsc#1268248

* bsc#1268249

* bsc#1268250

* bsc#1268251

* bsc#1268252

* bsc#1268255

* bsc#1268257

* bsc#1268258

* bsc#1268259

* bsc#1268260

* bsc#1268261

* bsc#1268262

Cross-

* CVE-2026-44249

* CVE-2026-44250

* CVE-2026-44890

* CVE-2026-44893

* CVE-2026-45416

* CVE-2026-45536

* CVE-2026-45673

* CVE-2026-45674

* CVE-2026-46340

* CVE-2026-47244

* CVE-2026-47691

* CVE-2026-48006

* CVE-2026-48043

* CVE-2026-48059

* CVE-2026-50010

* CVE-2026-50011

* CVE-2026-50020

* CVE-2026-50560

CVSS scores:

* CVE-2026-44249 ( SUSE ): 9.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-44249 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2802-1
Release Date: 2026-07-08T19:06:45Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.