Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

Ubuntu 24.10 USN: 7284-1 Critical Netty DoS and Info Leak

ubuntu
Calendar Grey February 24, 2025
Dist Ubuntu Esm H88
Ubuntu 24.10 as well as previous LTS editions have addressed critical Netty vulnerabilities. Ensure your installations are current to reduce exposure to potential threats.
Several security issues were fixed in Netty.

Summary

Several security issues were fixed in Netty.

Software Description:

- netty: Java NIO client/server socket framework

Details:

Jonathan Leitschuh discovered that Netty did not correctly handle file

permissions when writing temporary files. An attacker could possibly use

this issue to leak sensitive information. (CVE-2022-24823)

It was discovered that Netty did not correctly handle limiting the number

of fields when decoding a HTTP request. An attacker could possibly use

issue to cause a denial of service. This issue only affected

Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and

Ubuntu 24.04 LTS. (CVE-2024-29025)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   libnetty-java                   1:4.1.48-10ubuntu0.1

Ubuntu 24.04 LTS
   libnetty-java                   1:4.1.48-9ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 22.04 LTS
   libnetty-java                   1:4.1.48-4+deb11u2ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   libnetty-java                   1:4.1.45-1ubuntu0.1~esm2
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   libnetty-java                   1:4.1.7-4ubuntu0.1+esm3
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   libnetty-java                   1:4.0.34-1ubuntu0.1~esm2
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7284-1

  CVE-2022-24823, CVE-2024-29025

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7284-1

Package Information

  https://launchpad.net/ubuntu/+source/netty/1:4.1.48-10ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here