Debian Security Advisory 5316-1

Debian Security Advisory 5316-1: Posted Jan 12, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5316-1 - Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework, which may allow attackers to cause a denial of service or bypass restrictions when used as a proxy.; tags | advisory, java, web, denial of service, overflow, vulnerability; systems | linux, debian; advisories | CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41881, CVE-2022-41915; SHA-256 | d79e44dc740a4bdba61067f17bc2f8d1870d872798afcbc0a4bdd6ffab09ccdd; Download | Favorite | View

Debian Security Advisory 5316-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5316-1                   security@debian.org
https://www.debian.org/security/                          Markus Koschany
January 11, 2023                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : netty
CVE ID         : CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 CVE-2022-41881
                 CVE-2022-41915
Debian Bug     : 1027180 1014769 1001437

Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities
have been discovered in Netty, a Java NIO client/server socket framework, which
may allow attackers to cause a denial of service or bypass restrictions when
used as a proxy.

For the stable distribution (bullseye), these problems have been fixed in
version 1:4.1.48-4+deb11u1.

We recommend that you upgrade your netty packages.

For the detailed security status of netty please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/netty

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmO/OTVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeREBA//QmQrVlx87/n7z5FISY20tNkSxAI3/Xqx9IB/ldRLUw8xcttHoDV13H4K
JFKuEP6bdZzdzxXCcYGqNlXPjMJqbH6KIEmjIbCthsnbQfNzSXm86eqeZWl33kEG
QA1buF47PeyRzuW93JmS+XpjjOWaXA4/MmP14wOqHyu/sorRc4aN5R0/ea+cUSW4
a7Zvb/m/gM5dLm1m88do5oBgJsynZM0fCfLi/Lz2vvSKKap/DJaCcK9sjvyzCRlb
8OqtE+B5eejUIGcBF2TD5BZiZLY5ZIqPBEUZO5g+WMnPRWNUaU/lYqKuTPPlU72A
ZUeysGlAyhbPueEd5cIXG7jYUt07VRUFixinXHukhErzWtQU28mY7mA50If+wabO
9Pj/6/76St0XFWWxRNPYFCXeM7oSNdvC8DA7oNahpBMDSP/bJSc+sDdwjp41PjKj
zKKHraQMtOCDOWmqeWJUfUdqVa2ptSjUZ/oGBsW4CUkesoS03YAAtGasxlpfhR2o
43V0e7/9YmiBI1ZkpqIZ4vU7siqE6NzCMmvdtYaTQD66P0CJ3FCC/OdSdKSRp0HN
Z45D6hUUZdJLJrO8gGfLfZo9aABTlOSuRUcdHLBqOVUUjz7wqlQHH2d63ytf9X93
ATsBST3G5fY5ssKcyxHFtDAsqgbokkCLJ0D7TFM4cY+E7ywpq+I=
=jx2O
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

Debian Security Advisory 5316-1

Debian Security Advisory 5316-1

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 5316-1

Share This

Debian Security Advisory 5316-1

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems