SUSE-SU-2022:3617-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3617-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2022:3617-1
- Related
- Published
- 2022-10-18T11:28:54Z
- Modified
- 2022-10-18T11:28:54Z
- Summary
- Security update for netty
- Details
-
This update for netty fixes the following issues:
- CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream (bsc#1168932)
- CVE-2021-21290: Information disclosure via the local system temporary directory (bsc#1182103)
- CVE-2021-37136: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (bsc#1190610)
- CVE-2021-37137: Snappy frame decoder doesn't restrict the chunk length and may buffer skippable chunks (bsc#1190613)
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-20223617-1/
- https://bugzilla.suse.com/1168932
- https://bugzilla.suse.com/1182103
- https://bugzilla.suse.com/1190610
- https://bugzilla.suse.com/1190613
- https://www.suse.com/security/cve/CVE-2020-11612
- https://www.suse.com/security/cve/CVE-2021-21290
- https://www.suse.com/security/cve/CVE-2021-37136
- https://www.suse.com/security/cve/CVE-2021-37137