------------------------------------------------------------------------- Debian LTS Advisory DLA-3834-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 21, 2024 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : netty Version : 1:4.1.33-1+deb10u5 CVE ID : CVE-2024-29025 Debian Bug : 1068110 Julien Viet discovered that Netty, a Java NIO client/server socket framework, was vulnerable to allocation of resources without limits or throttling due to the accumulation of data in the HttpPostRequestDecoder. This would allow an attacker to cause a denial of service. For Debian 10 buster, this problem has been fixed in version 1:4.1.33-1+deb10u5. We recommend that you upgrade your netty packages. For the detailed security status of netty please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netty Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part