Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

Ubuntu 22.10: USN-6049-1 Critical: Netty Denial Of Service Risks

ubuntu
Calendar Grey April 28, 2023
Dist Ubuntu Esm H88
Debian announced patches on May 15, 2023, focusing on multiple OpenSSL flaws; ensure your devices are protected.
Several security issues were fixed in Netty.

Summary

Several security issues were fixed in Netty.

Software Description:

- netty: Java NIO client/server socket framework

Details:

It was discovered that Netty's Zlib decoders did not limit memory

allocations. A remote attacker could possibly use this issue to cause

Netty to exhaust memory via malicious input, leading to a denial of

service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM.

(CVE-2020-11612)

It was discovered that Netty created temporary files with excessive

permissions. A local attacker could possibly use this issue to expose

sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu

18.04 ESM, and Ubuntu 20.04 ESM. (CVE-2021-21290)

It was discovered that Netty did not properly validate content-length

headers. A remote attacker could possibly use this issue to smuggle

requests. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2021-21295,

CVE-2021-21409)

It was discovered that Netty's Bzip2 decompression decoder...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
   libnetty-java                   1:4.1.48-5ubuntu0.1

Ubuntu 22.04 LTS:
   libnetty-java                   1:4.1.48-4+deb11u1build0.22.04.1

Ubuntu 20.04 ESM:
   libnetty-java                   1:4.1.45-1ubuntu0.1~esm1

Ubuntu 18.04 ESM:
   libnetty-java                   1:4.1.7-4ubuntu0.1+esm2

Ubuntu 16.04 ESM:
   libnetty-java                   1:4.0.34-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6049-1

  CVE-2020-11612, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409,

  CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41881,

  CVE-2022-41915

Severity
critical
Lowest
Low
Medium
High
Critical

April 28, 2023

Package Information

  https://launchpad.net/ubuntu/+source/netty/1:4.1.48-5ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.