exploitDog

SUSE-SU-2023:4163-1

Опубликовано: 24 окт. 2023

Источник: suse-cvrf

Описание

Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues:

Updated netty to version 4.1.100:
- CVE-2023-44487: Fixed a potential denial of service scenario via RST frame floods (bsc#1216169).
Updated netty-tcnative to version 2.0.62 Final.

Список пакетов

Container suse/manager/5.0/x86_64/server:latest

netty-4.1.100-150200.4.20.1

Image server-image

netty-4.1.100-150200.4.20.1

SUSE Enterprise Storage 7.1

netty-tcnative-2.0.62-150200.3.16.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

netty-tcnative-2.0.62-150200.3.16.1

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

netty-tcnative-2.0.62-150200.3.16.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

netty-tcnative-2.0.62-150200.3.16.1

SUSE Linux Enterprise Module for Development Tools 15 SP4

netty-tcnative-2.0.62-150200.3.16.1

SUSE Linux Enterprise Module for Development Tools 15 SP5

netty-tcnative-2.0.62-150200.3.16.1

SUSE Linux Enterprise Module for Package Hub 15 SP5

netty-4.1.100-150200.4.20.1

netty-javadoc-4.1.100-150200.4.20.1

netty-poms-4.1.100-150200.4.20.1

SUSE Linux Enterprise Server 15 SP2-LTSS

netty-tcnative-2.0.62-150200.3.16.1

SUSE Linux Enterprise Server 15 SP3-LTSS

netty-tcnative-2.0.62-150200.3.16.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

netty-tcnative-2.0.62-150200.3.16.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

netty-tcnative-2.0.62-150200.3.16.1

openSUSE Leap 15.4

netty-4.1.100-150200.4.20.1

netty-javadoc-4.1.100-150200.4.20.1

netty-poms-4.1.100-150200.4.20.1

netty-tcnative-2.0.62-150200.3.16.1

netty-tcnative-javadoc-2.0.62-150200.3.16.1

openSUSE Leap 15.5

netty-4.1.100-150200.4.20.1

netty-javadoc-4.1.100-150200.4.20.1

netty-poms-4.1.100-150200.4.20.1

netty-tcnative-2.0.62-150200.3.16.1

netty-tcnative-javadoc-2.0.62-150200.3.16.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20234163-1/
Link for SUSE-SU-2023:4163-1
https://lists.suse.com/pipermail/sle-security-updates/2023-October/016824.html
E-Mail link for SUSE-SU-2023:4163-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1216169
SUSE Bug 1216169
https://www.suse.com/security/cve/CVE-2023-44487/
SUSE CVE CVE-2023-44487 page

Описание

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Затронутые продукты

Container suse/manager/5.0/x86_64/server:latest:netty-4.1.100-150200.4.20.1

Image server-image:netty-4.1.100-150200.4.20.1

SUSE Enterprise Storage 7.1:netty-tcnative-2.0.62-150200.3.16.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty-tcnative-2.0.62-150200.3.16.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-44487.html
CVE-2023-44487
https://bugzilla.suse.com/1216109
SUSE Bug 1216109
https://bugzilla.suse.com/1216123
SUSE Bug 1216123
https://bugzilla.suse.com/1216169
SUSE Bug 1216169
https://bugzilla.suse.com/1216171
SUSE Bug 1216171
https://bugzilla.suse.com/1216174
SUSE Bug 1216174
https://bugzilla.suse.com/1216176
SUSE Bug 1216176
https://bugzilla.suse.com/1216181
SUSE Bug 1216181
https://bugzilla.suse.com/1216182
SUSE Bug 1216182
https://bugzilla.suse.com/1216190
SUSE Bug 1216190

Уязвимость SUSE-SU-2023:4163-1