Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 40 articles for you...
100

SUSE Important Security Update for netty Denial of Service 2026-2802-1

An update that solves 18 vulnerabilities can now be installed.. # Security update for netty, netty-tcnative Announcement ID: SUSE-SU-2026:2802-1 Release Date: 2026-07-08T19:06:45Z Rating: important References: * bsc#1268165 * bsc#1268169 * bsc#1268170 * bsc#1268244 * bsc#1268246 * bsc#1268247 * bsc#1268248 * bsc#1268249 * bsc#1268250 * bsc#1268251 * bsc#1268252 * bsc#1268255 * bsc#1268257 * bsc#1268258 * bsc#1268259 * bsc#1268260 * bsc#1268261 * bsc#1268262 Cross-References: * CVE-2026-44249 * CVE-2026-44250 * CVE-2026-44890 * CVE-2026-44893 * CVE-2026-45416 * CVE-2026-45536 * CVE-2026-45673 * CVE-2026-45674 * CVE-2026-46340 * CVE-2026-47244 * CVE-2026-47691 * CVE-2026-48006 * CVE-2026-48043 * CVE-2026-48059 * CVE-2026-50010 * CVE-2026-50011 * CVE-2026-50020 * CVE-2026-50560 CVSS scores: * CVE-2026-44249 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44249 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-44249 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-44249 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-44250 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44250 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44250 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44250 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44890 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44890 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44890 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44890 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44893 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44893 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44893 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44893 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45416 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45416 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-45536 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-45536 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-45673 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N * CVE-2026-45673 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2026-45673 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2026-45674 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-45674 ( SUSE ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-45674 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-45674 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-45674 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-46340 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46340 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46340 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-47244 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-47244 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-47244 ( NVD ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-47691 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-47691 ( SUSE ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-47691 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-47691 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-47691 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-48006 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48006 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48006 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-48006 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48006 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48043 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48043 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48043 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48043 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-48043 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48059 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48059 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48059 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-48059 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48059 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-50010 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-50010 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-50010 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-50010 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-50011 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-50011 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-50011 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-50011 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-50020 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-50020 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-50020 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-50560 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-50560 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-50560 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-50560 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux EnterpriseServer 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves 18 vulnerabilities can now be installed. ## Description: This update for netty, netty-tcnative fixes the following issue This update for netty, netty-tcnative fixes the following issues Upgrade netty to upstream version 4.1.135, netty-tcnative to upstream version 2.0.79: * CVE-2026-44249: IPv6 Subnet Filter Bypass via Incorrect Comparator Masking (bsc#1268165). * CVE-2026-44250: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays (bsc#1268169). * CVE-2026-44890: Unbounded Direct Memory Consumption in RedisDecoder (bsc#1268170). * CVE-2026-44893: netty-codec-haproxy: Denial of Service via malformed HAProxy message (bsc#1268244). * CVE-2026-45416: SNI handler pre-allocates up to 16 MiB from nine attacker bytes (bsc#1268246). * CVE-2026-45536: Unix-socket fd receive leaks descriptors when peer sends two at once (bsc#1268247). * CVE-2026-45673: netty-resolver-dns: DNS Cache Poisoning via predictable transaction IDs (bsc#1268248). * CVE-2026-45674: DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records (bsc#1268249). * CVE-2026-46340: netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments (bsc#1268250). * CVE-2026-47244: HTTP/2: Advertised MAX_CONCURRENT_STREAMS not enforced (bsc#1268251). * CVE-2026-47691: Insufficient Bailiwick Validation for NS Records (bsc#1268252). * CVE-2026-48006: netty-codec-redis: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator (bsc#1268255). * CVE-2026-48043:netty-codec-http2: Denial of Service due to resource leak (bsc#1268257). * CVE-2026-48059: netty-codec-haproxy: Denial of Service via memory leak from crafted PROXY protocol headers (bsc#1268258). * CVE-2026-50010: Wrapping plain trust manager silently disables hostname verification (bsc#1268259). * CVE-2026-50011: Unbounded pre-allocation in RedisArrayAggregator from RESP array length (bsc#1268260). * CVE-2026-50020: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted (bsc#1268261). * CVE-2026-50560: Netty susceptible to HTTP/2 Reset Attack with different on- the-wire signature (bsc#1268262). Changes: * MQTT: Allow MQTT 5 CONNECT with password only * ChannelInitializer: correct misleading comment on exceptionCaught route * HTTP/2: Parse request-target path like Vert.x (4.1 backport) * HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted * IpSubnetFilter: Correctly handle ipv6 * Configurable bound on RedisArrayAggregator * Redis: Limit decoded length * DNS: Ensure query id is not predictible * Wrapping plain trust manager silently disables hostname verification * MQTT: Reject malformed no-payload packets with non-zero Remaining Length * HAProxy: Reject HAProxyMessages with malformated TLV and not leak memory * SSL: Use sane defaults as limits for the client hello length and timeout * DNS: Only cache CNAME if part of the queried domain * HTTP/2: Enforce max concurrent streams for misbehaving clients * Dns: Insufficient Bailiwick Validation for NS Records * HTTP2: DelegatingDecompressorFrameListener must release memory in all cases * Pass maxAllocation to Brotli and Zstd decoders * HTTP/2: Treat clients MAX_HEADER_LIST_SIZE as advisory * Add maxWindowLog parameter to ZstdDecoder to bound memory allocation * HAProxy: Fix ByteBuf leak when parsing nested SSL TLVs * Epoll / Kqueue: Correctly handle receive of FD * SCTP:Limit the number of inflight incomplete SCTP messages and the number of fragments * Redis: Correctly release incomplete message on removal when using RedisArrayAggregator * Redis: Limit the maximum number of nested arrays * HTTP: Re-add constructor to HttpProxyHandler that was removed by mistake * Marshalling: Explicit document security requirements * Pin HTTP/RTSP version + method normalization to Locale.US * Adaptive: Fix concurrency issue in adaptive allocator * Pin multipart Content-Type / Content-Transfer-Encoding case folding to Locale.US * Remove dead native declarations * Avoid re-parsing openssl key material with non-cached provider * IpFilter: Fix ClassCastException caused by IpSubnetFilter if only ipv6 rules are configured but remote peer is using ipv4 * Resolve all localhost addresses without querying DNS servers * HTTP2: Use 100 as default max concurrent streams setting * Route synchronous onLookupComplete exceptions via fireExceptionCaught * Fix MQTT decoder size check after variable header replay ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2802=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2802=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2802=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2802=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2802=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2802=1 * SUSE Linux Enterprise High PerformanceComputing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2802=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2802=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2802=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2802=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2802=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2802=1 ## Package List: * SUSE Package Hub 15 15-SP7 (noarch) * netty-javadoc-4.1.135-150200.4.50.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-4.1.135-150200.4.50.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-tcnative-debugsource-2.0.79-150200.3.45.1 * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server for SAP Applications15 SP4 (ppc64le x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.79-150200.3.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * netty-tcnative-2.0.79-150200.3.45.1 ## References: * https://www.suse.com/security/cve/CVE-2026-44249.html * https://www.suse.com/security/cve/CVE-2026-44250.html * https://www.suse.com/security/cve/CVE-2026-44890.html * https://www.suse.com/security/cve/CVE-2026-44893.html * https://www.suse.com/security/cve/CVE-2026-45416.html * https://www.suse.com/security/cve/CVE-2026-45536.html * https://www.suse.com/security/cve/CVE-2026-45673.html * https://www.suse.com/security/cve/CVE-2026-45674.html * https://www.suse.com/security/cve/CVE-2026-46340.html * https://www.suse.com/security/cve/CVE-2026-47244.html * https://www.suse.com/security/cve/CVE-2026-47691.html * https://www.suse.com/security/cve/CVE-2026-48006.html * https://www.suse.com/security/cve/CVE-2026-48043.html * https://www.suse.com/security/cve/CVE-2026-48059.html * https://www.suse.com/security/cve/CVE-2026-50010.html * https://www.suse.com/security/cve/CVE-2026-50011.html * https://www.suse.com/security/cve/CVE-2026-50020.html * https://www.suse.com/security/cve/CVE-2026-50560.html * https://bugzilla.suse.com/show_bug.cgi?id=1268165 * https://bugzilla.suse.com/show_bug.cgi?id=1268169 * https://bugzilla.suse.com/show_bug.cgi?id=1268170 * https://bugzilla.suse.com/show_bug.cgi?id=1268244 * https://bugzilla.suse.com/show_bug.cgi?id=1268246 * https://bugzilla.suse.com/show_bug.cgi?id=1268247 * https://bugzilla.suse.com/show_bug.cgi?id=1268248 * https://bugzilla.suse.com/show_bug.cgi?id=1268249 * https://bugzilla.suse.com/show_bug.cgi?id=1268250 * https://bugzilla.suse.com/show_bug.cgi?id=1268251 * https://bugzilla.suse.com/show_bug.cgi?id=1268252 * https://bugzilla.suse.com/show_bug.cgi?id=1268255 *https://bugzilla.suse.com/show_bug.cgi?id=1268257 * https://bugzilla.suse.com/show_bug.cgi?id=1268258 * https://bugzilla.suse.com/show_bug.cgi?id=1268259 * https://bugzilla.suse.com/show_bug.cgi?id=1268260 * https://bugzilla.suse.com/show_bug.cgi?id=1268261 * https://bugzilla.suse.com/show_bug.cgi?id=1268262 . SUSE updates netty and netty-tcnative, addressing 18 security issues with important severity ratings.. SUSE updates, netty security, netty vulnerabilities, important advisory, denial of service vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Important SuSE
100

SUSE Netty Important HTTP Smuggling Vulnern 2026-2308-1

An update that solves 12 vulnerabilities can now be installed.. # Security update for netty, netty-tcnative Announcement ID: SUSE-SU-2026:2308-1 Release Date: 2026-06-09T08:14:00Z Rating: important References: * bsc#1264350 * bsc#1265243 * bsc#1265245 * bsc#1265246 * bsc#1265272 * bsc#1265273 * bsc#1265277 * bsc#1265279 * bsc#1265280 * bsc#1265292 * bsc#1265294 * bsc#1265318 Cross-References: * CVE-2026-41417 * CVE-2026-42578 * CVE-2026-42579 * CVE-2026-42580 * CVE-2026-42581 * CVE-2026-42582 * CVE-2026-42583 * CVE-2026-42584 * CVE-2026-42585 * CVE-2026-42586 * CVE-2026-42587 * CVE-2026-44248 CVSS scores: * CVE-2026-41417 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-41417 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-41417 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-42578 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-42578 ( NVD ): 2.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-42578 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-42579 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-42579 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L * CVE-2026-42579 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-42579 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42580 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-42580 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-42580 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-42581 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-42581 ( SUSE ): 7.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-42581 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-42581 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N * CVE-2026-42582 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42582 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42583 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42583 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42583 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42584 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-42584 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-42584 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42584 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-42585 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-42585 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-42585 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-42585 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-42586 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-42586 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-42586 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-42587 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42587 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-44248 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44248 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-44248 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-44248 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: *Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves 12 vulnerabilities can now be installed. ## Description: This update for netty, netty-tcnative fixes the following issues * CVE-2026-41417: missing validations leads to HTTP request smuggling and RTSP request injection via start-line injection in `DefaultHttpRequest.setUri()` (bsc#1264350). * CVE-2026-42578: HTTP Header Injection via HttpProxyHandler Disabled Validation in Netty (bsc#1265243). * CVE-2026-42579: DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding (bsc#1265272). * CVE-2026-42580: chunk size parser silently overflows int and enables request smuggling attacks (bsc#1265273). * CVE-2026-42581: TE+CL header coexistence in HTTP/1.0 requests bypasses smuggling sanitization (bsc#1265277). * CVE-2026-42583: resource exhaustion and possible denial of service via `Lz4FrameDecoder` (bsc#1265279). * CVE-2026-42584: improper handling of inboundresponses in `HttpClientCodec` can lead to response desynchronization (bsc#1265280). * CVE-2026-42585: Netty is an asynchronous, event-driven network application framework (bsc#1265292). * CVE-2026-42586: CRLF Injection in Netty Redis Codec Encoder (bsc#1265245). * CVE-2026-42587: HttpContentDecompressor maxAllocation bypass via Content- Encoding: br/zstd/snappy enables decompression bomb DoS (bsc#1265246). * CVE-2026-44248: Netty is an asynchronous, event-driven network application framework (bsc#1265294). * CVE-2026-42582: HTTP/3 QPACK literal unbounded allocation (bsc#1265318). Changes for netty: * Upgrade to upstream version 4.1.133 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2308=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2308=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2308=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2308=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2308=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2308=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2308=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2308=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2308=1 * SUSELinux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2308=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2308=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2308=1 ## Package List: * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-tcnative-debugsource-2.0.77-150200.3.39.1 * netty-tcnative-2.0.77-150200.3.39.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-4.1.133-150200.4.46.1 * SUSE Package Hub 15 15-SP7 (noarch) * netty-javadoc-4.1.133-150200.4.46.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.77-150200.3.39.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * netty-tcnative-2.0.77-150200.3.39.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * netty-tcnative-2.0.77-150200.3.39.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * netty-tcnative-2.0.77-150200.3.39.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * netty-tcnative-2.0.77-150200.3.39.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * netty-tcnative-2.0.77-150200.3.39.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * netty-tcnative-2.0.77-150200.3.39.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * netty-tcnative-2.0.77-150200.3.39.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.77-150200.3.39.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.77-150200.3.39.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41417.html *https://www.suse.com/security/cve/CVE-2026-42578.html * https://www.suse.com/security/cve/CVE-2026-42579.html * https://www.suse.com/security/cve/CVE-2026-42580.html * https://www.suse.com/security/cve/CVE-2026-42581.html * https://www.suse.com/security/cve/CVE-2026-42582.html * https://www.suse.com/security/cve/CVE-2026-42583.html * https://www.suse.com/security/cve/CVE-2026-42584.html * https://www.suse.com/security/cve/CVE-2026-42585.html * https://www.suse.com/security/cve/CVE-2026-42586.html * https://www.suse.com/security/cve/CVE-2026-42587.html * https://www.suse.com/security/cve/CVE-2026-44248.html * https://bugzilla.suse.com/show_bug.cgi?id=1264350 * https://bugzilla.suse.com/show_bug.cgi?id=1265243 * https://bugzilla.suse.com/show_bug.cgi?id=1265245 * https://bugzilla.suse.com/show_bug.cgi?id=1265246 * https://bugzilla.suse.com/show_bug.cgi?id=1265272 * https://bugzilla.suse.com/show_bug.cgi?id=1265273 * https://bugzilla.suse.com/show_bug.cgi?id=1265277 * https://bugzilla.suse.com/show_bug.cgi?id=1265279 * https://bugzilla.suse.com/show_bug.cgi?id=1265280 * https://bugzilla.suse.com/show_bug.cgi?id=1265292 * https://bugzilla.suse.com/show_bug.cgi?id=1265294 * https://bugzilla.suse.com/show_bug.cgi?id=1265318 . Critical update for SUSE fixing 12 vulnerabilities in netty and netty-tcnative, addressing security risks.. SUSE netty security update, netty vulnerabilities, important SUSE updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 09, 2026 Important SuSE
100

SUSE Linux 15.6 Netty 2026-1353-1 Important Request Smuggling

An update that solves two vulnerabilities can now be installed.. # Security update for netty, netty-tcnative Announcement ID: SUSE-SU-2026:1353-1 Release Date: 2026-04-15T13:37:31Z Rating: important References: * bsc#1261031 * bsc#1261043 Cross-References: * CVE-2026-33870 * CVE-2026-33871 CVSS scores: * CVE-2026-33870 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33870 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-33870 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-33871 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33871 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33871 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33871 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for netty, netty-tcnative fixes the following issues: Upidate to 4.1.132: * CVE-2026-33870: incorrectly parses quoted strings in HTTP/1.1 can lead to request smuggling (bsc#1261031). * CVE-2026-33871: sending a flood of CONTINUATION frames can lead to a denial of service (bsc#1261043). Changelog: * Upgrade to upstream version 4.1.132 * Fixes: * Fix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry loop * Make RefCntOpenSslContext.deallocate more robust * HTTP2: Correctly account for padding when decompress * Fix high-order bit aliasingin HttpUtil.validateToken * fix: the precedence of + is higher than > > * AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater than byteBuf.maxCapacity() * AdaptivePoolingAllocator: call unreserveMatchingBuddy(...) if byteBuf initialization failed * Don't assume CertificateFactory is thread-safe * Fix HttpObjectAggregator leaving connection stuck after 413 with AUTO_READ=false * HTTP2: Ensure preface is flushed in all cases * Fix UnsupportedOperationException in readTrailingHeaders * Fix client_max_window_bits parameter handling in permessage-deflate extension * Native transports: Fix possible fd leak when fcntl fails. * Kqueue: Fix undefined behaviour when GetStringUTFChars fails and SO_ACCEPTFILTER is supported * Kqueue: Possible overflow when using netty_kqueue_bsdsocket_setAcceptFilter(...) * Native transports: Fix undefined behaviour when GetStringUTFChars fails while open FD * Epoll: Add null checks for safety reasons * Epoll: Use correct value to initialize mmsghdr.msg_namelen * Epoll: Fix support for IP_RECVORIGDSTADDR * AdaptivePoolingAllocator: remove ensureAccessible() call in capacity(int) method * Epoll: setTcpMg5Sig(...) might overflow * JdkZlibDecoder: accumulate decompressed output before firing channelRead * Limit the number of Continuation frames per HTTP2 Headers (bsc#1261043, CVE-2026-33871) * Stricter HTTP/1.1 chunk extension parsing (bsc#1261031, CVE-2026-33870) * rediff * Upgrade to upstream version 4.1.131 * NioDatagramChannel.block(...) does not early return on failure * Support for AWS Libcrypto (AWS-LC) netty-tcnative build * codec-dns: Decompress MX RDATA exchange domain names during DNS record decoding * Buddy allocation for large buffers in adaptive allocator * SslHandler: Only resume on EventLoop if EventLoop is not shutting down already * Wrap ECONNREFUSED in PortUnreachableException for UDP * Bump com.ning:compress-lzf (4.1) * Fix adaptive allocator bug from notnoticing failed allocation * Avoid loosing original read exception * Backport multiple adaptive allocator changes * Upgrade to version 4.1.130 * Upgrade to version 2.0.75 Final * No formal changelog present * Needed by netty > = 4.2.11 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1353=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1353=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1353=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.75-150200.3.36.1 * netty-4.1.132-150200.4.43.1 * openSUSE Leap 15.6 (noarch) * netty-tcnative-javadoc-2.0.75-150200.3.36.1 * netty-javadoc-4.1.132-150200.4.43.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.75-150200.3.36.1 * netty-tcnative-debugsource-2.0.75-150200.3.36.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-4.1.132-150200.4.43.1 * SUSE Package Hub 15 15-SP7 (noarch) * netty-javadoc-4.1.132-150200.4.43.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33870.html * https://www.suse.com/security/cve/CVE-2026-33871.html * https://bugzilla.suse.com/show_bug.cgi?id=1261031 * https://bugzilla.suse.com/show_bug.cgi?id=1261043 . Two vulnerabilities in Netty and Netty-tcnative resolved in SUSE's important security update.. netty update important security SUSE. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 15, 2026 Important SuSE
202

openSUSE Tumbleweed netty Moderate Issues CVE-2026-33870 CVE-2026-33871

An update that solves 2 vulnerabilities can now be installed.. # netty-4.1.132-1.1 on GA media Announcement ID: openSUSE-SU-2026:10463-1 Rating: moderate Cross-References: * CVE-2026-33870 * CVE-2026-33871 CVSS scores: * CVE-2026-33870 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-33870 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33871 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33871 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the netty-4.1.132-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * netty 4.1.132-1.1 * netty-bom 4.1.132-1.1 * netty-javadoc 4.1.132-1.1 * netty-parent 4.1.132-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33870.html * https://www.suse.com/security/cve/CVE-2026-33871.html . An update for openSUSE Tumbleweed addressing two moderate severity issues in netty package.. openSUSE Tumbleweed netty update vulnerabilities patch. . LinuxSecurity.com Team

Calendar%202 Apr 01, 2026 OpenSUSE
100

SUSE: netty Moderate Security Update CVE-2025-67735 Advisory 2025:4489-1

An update that solves one vulnerability can now be installed.. # Security update for netty Announcement ID: SUSE-SU-2025:4489-1 Release Date: 2025-12-19T11:02:03Z Rating: moderate References: * bsc#1255048 Cross-References: * CVE-2025-67735 CVSS scores: * CVE-2025-67735 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-67735 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-67735 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for netty fixes the following issues: Update to upstream version 4.1.130. Security issues fixed: * CVE-2025-67735: lack of URI sanitization in `HttpRequestEncoder` allows for CRLF injection through a request URI and can lead to request smuggling (bsc#1255048). Other updates and bugfixes: * Version 4.1.130: * Update `lz4-java` version to 1.10.1 * Close `Channel` and fail bootstrap when setting a `ChannelOption` causes an error * Discard the following `HttpContent` for preflight request * Fix race condition in `NonStickyEventExecutorGroup` causing incorrect `inEventLoop()` results * Fix Zstd compression for large data * Fix `ZstdEncoder` not producing data when source is smaller than block * Make big endian ASCII hashcode consistent with little endian * Fix reentrancy bug in `ByteToMessageDecoder` * Add 32k and 64k size classes to adaptive allocator * Re-enable reflective field accesses in native images * Correct HTTP/2 padding length check * Fix HTTP startline validation * Fix `MpscIntQueue` bug * Build against the `org.jboss:jdk-misc` artifact that is implementing the `sun.misc` classes removed in Java 25 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-4489=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4489=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * netty-4.1.130-150200.4.40.1 * openSUSE Leap 15.6 (noarch) * netty-javadoc-4.1.130-150200.4.40.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-4.1.130-150200.4.40.1 * SUSE Package Hub 15 15-SP7 (noarch) * netty-javadoc-4.1.130-150200.4.40.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67735.html * https://bugzilla.suse.com/show_bug.cgi?id=1255048 . Maintain your SUSE system's security with the latest netty patch addressing request smuggling vulnerabilities.. SUSE update netty URI sanitization security fix risk management. . LinuxSecurity.com Team

Calendar%202 Dec 19, 2025 SuSE
202

openSUSE Tumbleweed: netty Moderate CVE-2025-67735 Advisory 2025:15824-1

An update that solves one vulnerability can now be installed.. # netty-4.1.130-1.1 on GA media Announcement ID: openSUSE-SU-2025:15824-1 Rating: moderate Cross-References: * CVE-2025-67735 CVSS scores: * CVE-2025-67735 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-67735 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the netty-4.1.130-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * netty 4.1.130-1.1 * netty-bom 4.1.130-1.1 * netty-javadoc 4.1.130-1.1 * netty-parent 4.1.130-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67735.html . An important update for openSUSE Tumbleweed addresses a moderate security issue in netty that requires immediate attention.. openSUSE netty update security issue vulnerability. . LinuxSecurity.com Team

Calendar%202 Dec 18, 2025 OpenSUSE
172

Ubuntu 25.10: Vital Netty HTTP Denial of Service Vulnerabilities USN-7918-1

Several security issues were fixed in Netty.. ========================================================================== Ubuntu Security Notice USN-7918-1 December 09, 2025 netty vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Netty. Software Description: - netty: event-driven asynchronous network application framework Details: Jeppe Bonde Weikop discovered that Netty incorrectly parsed HTTP messages. When Netty is used with certain reverse proxies, a remote attacker could possibly use this issue to perform HTTP request smuggling attacks. (CVE-2025-58056) Jonas Konrad discovered that Netty did not properly manage memory when decoding compressed data. A remote attacker could possibly use this issue to cause Netty to consume excessive memory, resulting in a denial of service. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-58057) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 libnetty-java 1:4.1.48-10ubuntu0.25.10.2 Ubuntu 25.04 libnetty-java 1:4.1.48-10ubuntu0.25.04.2 Ubuntu 24.04 LTS libnetty-java 1:4.1.48-9ubuntu0.1 Ubuntu 22.04 LTS libnetty-java 1:4.1.48-4+deb11u2ubuntu0.1 Ubuntu 20.04 LTS libnetty-java 1:4.1.45-1ubuntu0.1~esm4 Available with Ubuntu Pro Ubuntu 18.04 LTS libnetty-java 1:4.1.7-4ubuntu0.1+esm5 Available with Ubuntu Pro Ubuntu 16.04 LTS libnetty-java 1:4.0.34-1ubuntu0.1~esm3 Available withUbuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7918-1 CVE-2025-58056, CVE-2025-58057 Package Information: https://launchpad.net/ubuntu/+source/netty/1:4.1.48-10ubuntu0.25.10.2 https://launchpad.net/ubuntu/+source/netty/1:4.1.48-10ubuntu0.25.04.2 https://launchpad.net/ubuntu/+source/netty/1:4.1.48-4+deb11u2ubuntu0.1 . Several Netty security issues fixed in Ubuntu affecting various releases. Update recommended for continued security.. Ubuntu Security, Netty Issues, Denial of Service, HTTP Attack, Linux Security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 10, 2025 Important Ubuntu
202

openSUSE 15.6: netty, netty-tcnative Moderate SMTP Injection 2025:4087-1

An update that solves one vulnerability can now be installed.. # Security update for netty, netty-tcnative Announcement ID: SUSE-SU-2025:4087-1 Release Date: 2025-11-12T19:35:33Z Rating: moderate References: * bsc#1252097 Cross-References: * CVE-2025-59419 CVSS scores: * CVE-2025-59419 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-59419 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2025-59419 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Development Tools Module 15-SP6 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for netty, netty-tcnative fixes the following issues: * CVE-2025-59419: fixed SMTP command injection vulnerability that allowed email forgery (bsc#1252097) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-4087=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-4087=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-4087=1 * SUSE Package Hub 1515-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-4087=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4087=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.74-150200.3.33.1 * netty-4.1.128-150200.4.37.1 * openSUSE Leap 15.6 (noarch) * netty-javadoc-4.1.128-150200.4.37.1 * netty-tcnative-javadoc-2.0.74-150200.3.33.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.74-150200.3.33.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.74-150200.3.33.1 * netty-tcnative-debugsource-2.0.74-150200.3.33.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * netty-4.1.128-150200.4.37.1 * SUSE Package Hub 15 15-SP6 (noarch) * netty-javadoc-4.1.128-150200.4.37.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-4.1.128-150200.4.37.1 * SUSE Package Hub 15 15-SP7 (noarch) * netty-javadoc-4.1.128-150200.4.37.1 ## References: * https://www.suse.com/security/cve/CVE-2025-59419.html * https://bugzilla.suse.com/show_bug.cgi?id=1252097 . Security update for openSUSE addresses a moderate SMTP command injection issue in netty and netty-tcnative.. openSUSE security update, netty command injection, netty-tcnative fix. . LinuxSecurity.com Team

Calendar%202 Nov 12, 2025 OpenSUSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200