USN-6994-1: Netty vulnerabilities
5 September 2024
Several security issues were fixed in Netty.
Releases
Packages
- netty - Java NIO client/server socket framework
Details
It was discovered that Netty did not properly sanitize its input
parameters. A remote attacker could possibly use this issue to cause a
crash. (CVE-2023-34462)
It was discovered that Netty incorrectly handled request cancellation. A
remote attacker could possibly use this issue to cause Netty to consume
resources, leading to a denial of service. (CVE-2023-44487)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6427-1: aspnetcore-runtime-7.0, dotnet6, dotnet-targeting-pack-7.0, dotnet-sdk-7.0, dotnet-apphost-pack-6.0, aspnetcore-runtime-6.0, dotnet-runtime-7.0, dotnet-hostfxr-6.0, dotnet7, dotnet-host-7.0, dotnet-sdk-6.0, dotnet-apphost-pack-7.0, dotnet-host, aspnetcore-targeting-pack-7.0, netstandard-targeting-pack-2.1-7.0, dotnet-targeting-pack-6.0, dotnet-templates-7.0, dotnet-templates-6.0, dotnet-sdk-7.0-source-built-artifacts, dotnet-runtime-6.0, dotnet-hostfxr-7.0, aspnetcore-targeting-pack-6.0, netstandard-targeting-pack-2.1, dotnet-sdk-6.0-source-built-artifacts
- USN-6427-2: dotnet-runtime-8.0, dotnet-templates-8.0, netstandard-targeting-pack-2.1-8.0, dotnet-sdk-8.0, dotnet-targeting-pack-8.0, dotnet-sdk-8.0-source-built-artifacts, dotnet8, dotnet-hostfxr-8.0, aspnetcore-targeting-pack-8.0, dotnet-apphost-pack-8.0, aspnetcore-runtime-8.0, dotnet-host-8.0
- USN-6438-1: aspnetcore-runtime-7.0, dotnet6, dotnet-targeting-pack-7.0, dotnet-sdk-7.0, dotnet-apphost-pack-6.0, aspnetcore-runtime-6.0, dotnet-runtime-7.0, dotnet-hostfxr-6.0, dotnet7, dotnet-host-7.0, dotnet-sdk-6.0, dotnet-apphost-pack-7.0, dotnet-host, aspnetcore-targeting-pack-7.0, netstandard-targeting-pack-2.1-7.0, dotnet-targeting-pack-6.0, dotnet-templates-7.0, dotnet-templates-6.0, dotnet-sdk-7.0-source-built-artifacts, dotnet-runtime-6.0, dotnet-hostfxr-7.0, aspnetcore-targeting-pack-6.0, netstandard-targeting-pack-2.1, dotnet-sdk-6.0-source-built-artifacts
- USN-6505-1: libnghttp2-dev, nghttp2-client, nghttp2, nghttp2-server, libnghttp2-14, nghttp2-proxy, libnghttp2-doc
- USN-6574-1: golang-1.20, golang-1.21-src, golang-1.21-go, golang-1.20-src, golang-1.20-doc, golang-1.21-doc, golang-1.21, golang-1.20-go
- USN-6754-1: libnghttp2-dev, nghttp2-client, nghttp2, nghttp2-server, libnghttp2-14, nghttp2-proxy, libnghttp2-doc
- USN-7067-1: haproxy, vim-haproxy, haproxy-doc