Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in Netty.
Software Description:
- netty: Java NIO client/server socket framework
Details:
It was discovered that Netty's Zlib decoders did not limit memory
allocations. A remote attacker could possibly use this issue to cause
Netty to exhaust memory via malicious input, leading to a denial of
service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM.
(CVE-2020-11612)
It was discovered that Netty created temporary files with excessive
permissions. A local attacker could possibly use this issue to expose
sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu
18.04 ESM, and Ubuntu 20.04 ESM. (CVE-2021-21290)
It was discovered that Netty did not properly validate content-length
headers. A remote attacker could possibly use this issue to smuggle
requests. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2021-21295,
CVE-2021-21409)
It was discovered that Netty's Bzip2 decompression decoder...
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: libnetty-java 1:4.1.48-5ubuntu0.1 Ubuntu 22.04 LTS: libnetty-java 1:4.1.48-4+deb11u1build0.22.04.1 Ubuntu 20.04 ESM: libnetty-java 1:4.1.45-1ubuntu0.1~esm1 Ubuntu 18.04 ESM: libnetty-java 1:4.1.7-4ubuntu0.1+esm2 Ubuntu 16.04 ESM: libnetty-java 1:4.0.34-1ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6049-1
CVE-2020-11612, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409,
CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41881,
CVE-2022-41915
Get the latest Linux and open source security news straight to your inbox.