4.Lock AbstractDigital

Several remotely exploitable request smuggling, memory exhaustion, and HTTP response splitting vulnerabilities have been discovered in the Netty Java NIO client/server socket framework.

These vulnerabilities could result in crashes leading to denial of service (DoS), the exposure of sensitive information, request smuggling attacks and HTTP response splitting attacks. 

An important update for Netty that fixes these dangerous bugs has been released. We urge all impacted users to apply the Netty updates issued but their distro(s) now to secure against exploits leading to downtime and compromise.

To stay on top of important updates released by the open-source programs and applications you use, be sure to register as a LinuxSecurity user, then subscribe to our Linux Advisory Watch newsletter and customize your advisories for the distro(s) you use. This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.

Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).