Description
Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative
This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues:
- CVE-2024-47535: Fixed unsafe reading of large environment files in netty; when Netty is loaded by a Java application, this can lead to a crash because the JVM memory limit is exceeded (bsc#1233297)
Other fixes:
- Upgraded netty to upstream version 4.1.115
- Upgraded netty-tcnative to version 2.0.69 Final
- Updated jctools to version 4.0.5
- Updated aalto-xml to version 1.3.3
- Updated moditect to version 1.2.2
- Updated flatten-maven-plugin to version 1.6.0
Package list
Container suse/manager/5.0/x86_64/server:latest
aalto-xml-1.3.3-150200.5.3.1
jctools-4.0.5-150200.3.9.1
netty-4.1.115-150200.4.26.1
Image server-image
aalto-xml-1.3.3-150200.5.3.1
jctools-4.0.5-150200.3.9.1
netty-4.1.115-150200.4.26.1
SUSE Linux Enterprise Module for Development Tools 15 SP5
netty-tcnative-2.0.69-150200.3.22.1
SUSE Linux Enterprise Module for Development Tools 15 SP6
netty-tcnative-2.0.69-150200.3.22.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
jctools-4.0.5-150200.3.9.1
netty-4.1.115-150200.4.26.1
netty-javadoc-4.1.115-150200.4.26.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
jctools-4.0.5-150200.3.9.1
netty-4.1.115-150200.4.26.1
netty-javadoc-4.1.115-150200.4.26.1
openSUSE Leap 15.5
jctools-4.0.5-150200.3.9.1
jctools-channels-4.0.5-150200.3.9.1
jctools-experimental-4.0.5-150200.3.9.1
jctools-javadoc-4.0.5-150200.3.9.1
netty-4.1.115-150200.4.26.1
netty-javadoc-4.1.115-150200.4.26.1
netty-tcnative-2.0.69-150200.3.22.1
netty-tcnative-javadoc-2.0.69-150200.3.22.1
openSUSE Leap 15.6
jctools-4.0.5-150200.3.9.1
jctools-channels-4.0.5-150200.3.9.1
jctools-experimental-4.0.5-150200.3.9.1
jctools-javadoc-4.0.5-150200.3.9.1
netty-4.1.115-150200.4.26.1
netty-javadoc-4.1.115-150200.4.26.1
netty-tcnative-2.0.69-150200.3.22.1
netty-tcnative-javadoc-2.0.69-150200.3.22.1
Links
- Link for SUSE-SU-2024:4407-1
- E-Mail link for SUSE-SU-2024:4407-1
- SUSE Security Ratings
- SUSE Bug 1047218
- SUSE Bug 1233297
- SUSE CVE CVE-2024-47535 page
Description
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of an environment file could potentially cause a denial of service in Netty. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
Affected products
Container suse/manager/5.0/x86_64/server:latest:aalto-xml-1.3.3-150200.5.3.1
Container suse/manager/5.0/x86_64/server:latest:jctools-4.0.5-150200.3.9.1
Container suse/manager/5.0/x86_64/server:latest:netty-4.1.115-150200.4.26.1
Image server-image:aalto-xml-1.3.3-150200.5.3.1
Links
- CVE-2024-47535
- SUSE Bug 1233297