SUSE-SU-2024:2313-1

Опубликовано: 08 июл. 2024

Источник: suse-cvrf

Описание

Security update for netty3

This update for netty3 fixes the following issues:

CVE-2024-29025: Fixed HttpPostRequestDecoder can out of memory due to large number of form fields (bsc#1222045).

Список пакетов

SUSE Enterprise Storage 7.1

netty3-3.10.6-150200.3.10.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

netty3-3.10.6-150200.3.10.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

netty3-3.10.6-150200.3.10.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

netty3-3.10.6-150200.3.10.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

netty3-3.10.6-150200.3.10.1

SUSE Linux Enterprise Module for Development Tools 15 SP5

netty3-3.10.6-150200.3.10.1

SUSE Linux Enterprise Module for Development Tools 15 SP6

netty3-3.10.6-150200.3.10.1

SUSE Linux Enterprise Server 15 SP2-LTSS

netty3-3.10.6-150200.3.10.1

SUSE Linux Enterprise Server 15 SP3-LTSS

netty3-3.10.6-150200.3.10.1

SUSE Linux Enterprise Server 15 SP4-LTSS

netty3-3.10.6-150200.3.10.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

netty3-3.10.6-150200.3.10.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

netty3-3.10.6-150200.3.10.1

SUSE Linux Enterprise Server for SAP Applications 15 SP4

netty3-3.10.6-150200.3.10.1

openSUSE Leap 15.5

netty3-3.10.6-150200.3.10.1

netty3-javadoc-3.10.6-150200.3.10.1

openSUSE Leap 15.6

netty3-3.10.6-150200.3.10.1

netty3-javadoc-3.10.6-150200.3.10.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20242313-1/
Link for SUSE-SU-2024:2313-1
https://lists.suse.com/pipermail/sle-updates/2024-July/035840.html
E-Mail link for SUSE-SU-2024:2313-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1222045
SUSE Bug 1222045
https://www.suse.com/security/cve/CVE-2024-29025/
SUSE CVE CVE-2024-29025 page

Описание

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.

Затронутые продукты

SUSE Enterprise Storage 7.1:netty3-3.10.6-150200.3.10.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty3-3.10.6-150200.3.10.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty3-3.10.6-150200.3.10.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty3-3.10.6-150200.3.10.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-29025.html
CVE-2024-29025
https://bugzilla.suse.com/1222045
SUSE Bug 1222045

SUSE-SU-2024:2313-1

Описание

Список пакетов

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

SUSE Linux Enterprise Module for Development Tools 15 SP5

SUSE Linux Enterprise Module for Development Tools 15 SP6

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server 15 SP3-LTSS

SUSE Linux Enterprise Server 15 SP4-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP2

SUSE Linux Enterprise Server for SAP Applications 15 SP3

SUSE Linux Enterprise Server for SAP Applications 15 SP4

openSUSE Leap 15.5

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-29025

Описание

Затронутые продукты

Ссылки