[ubuntu/kinetic-security] netty 1:4.1.48-5ubuntu0.1 (Accepted)
Fabian Toepfer
fabian.toepfer at canonical.com
Thu Apr 27 23:08:21 UTC 2023
netty (1:4.1.48-5ubuntu0.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2021-37136.patch: Introduce maximum limit for the
      decompressed output data of the Bzip2 decompression decoder function.
    - CVE-2021-37136
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2021-37137.patch: Introduce maximum limit for the
      Snappy frame decoder function.
    - CVE-2021-37137
  * SECURITY UPDATE: HTTP request smuggling
    - debian/patches/CVE-2021-43797.patch: Properly validate and reject
      disallowed control chars at the beginning and end of header names.
    - CVE-2021-43797
  * SECURITY UPDATE: Stack overflow vulnerability
    - debian/patches/CVE-2022-41881.patch: Introduce maximum limit for nesting
      of TLV to avoid infinite recursion on malformed crafted messages.
    - CVE-2022-41881
  * SECURITY UPDATE: HTTP Response Splitting
    - debian/patches/CVE-2022-41915.patch: Add missing header value validation
      for setObject methods that take arrays and iterators as arguments.
    - CVE-2022-41915
Date: 2023-04-27 19:05:16.977610+00:00
Changed-By: Fabian Toepfer <fabian.toepfer at canonical.com>
https://launchpad.net/ubuntu/+source/netty/1:4.1.48-5ubuntu0.1