SUSE-SU-2025:0590-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-20250590-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0590-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:0590-1
Related
Published
2025-02-19T10:34:01Z
Modified
2025-05-02T04:37:32.838242Z
Upstream
Summary
Security update for netty, netty-tcnative
Details

This update for netty, netty-tcnative fixes the following issues:

  • CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a native crash. (bsc#1237037)
  • CVE-2025-25193: unsafe reading of environment files can lead to an application crash. (bsc#1237038)

Update to netty version 4.1.118 and netty-tcnative version 2.0.70 Final.

Other fixes:

  • Fix recycling in CodecOutputList.
  • StreamBufferingEncoder: do not send header frame with priority by default.
  • Notify event loop termination future of unexpected exceptions.
  • Fix AccessControlException in GlobalEventExecutor.
  • AdaptivePoolingAllocator: round chunk sizes up and reduce chunk release frequency.
  • Support BouncyCastle FIPS for reading PEM files.
  • Dns: correctly encode DnsPtrRecord.
  • Provide Brotli settings without com.aayushatharva.brotli4j dependency.
  • Make DefaultResourceLeak more resilient against OOM.
  • OpenSslSession: add support to defensively check for peer certs.
  • SslHandler: ensure buffers are never leaked when wrap(...) produces SSLException.
  • Correcly handle comments appended to nameserver declarations.
  • PcapWriteHandler: apply fixes so that the handler can append to an existing PCAP file when writing the global header.
  • PcapWriteHandler: allow output of PCAP files larger than 2GB.
  • Fix bugs in BoundedInputStream.
  • Fix HTTP header validation bug.
  • AdaptivePoolingAllocator: fix possible race condition in method offerToQueue(...).
  • AdaptivePoolingAllocator: make sure the sentinel object Magazine.MAGAZINE_FREED not be replaced.
  • Only try to use Zstd and Brotli if the native libs can be loaded.
  • Bump BlockHound version to 1.0.10.RELEASE.
  • Add details to TooLongFrameException message.
  • AdaptivePoolingAllocator: correctly reuse chunks.
  • AdaptivePoolingAllocator: don't fail when we run on a host with 1 core.
  • AdaptivePoolingAllocator: correctly re-use central queue chunks and avoid OOM issue.
  • Fix several memory management (leaks and missing checks) issues.
References

Affected packages

SUSE:Linux Enterprise Module for Development Tools 15 SP6 / netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.70-150200.3.25.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty-tcnative": "2.0.70-150200.3.25.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP6 / netty

Package

Name
netty
Purl
pkg:rpm/suse/netty&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1.118-150200.4.29.2

Ecosystem specific 

{
    "binaries": [
        {
            "netty": "4.1.118-150200.4.29.2",
            "netty-javadoc": "4.1.118-150200.4.29.2"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.70-150200.3.25.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty-tcnative": "2.0.70-150200.3.25.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS / netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.70-150200.3.25.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty-tcnative": "2.0.70-150200.3.25.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS / netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.70-150200.3.25.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty-tcnative": "2.0.70-150200.3.25.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS / netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.70-150200.3.25.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty-tcnative": "2.0.70-150200.3.25.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS / netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.70-150200.3.25.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty-tcnative": "2.0.70-150200.3.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP3-LTSS / netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.70-150200.3.25.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty-tcnative": "2.0.70-150200.3.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP4-LTSS / netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.70-150200.3.25.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty-tcnative": "2.0.70-150200.3.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP5-LTSS / netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.70-150200.3.25.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty-tcnative": "2.0.70-150200.3.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.70-150200.3.25.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty-tcnative": "2.0.70-150200.3.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP4 / netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.70-150200.3.25.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty-tcnative": "2.0.70-150200.3.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP5 / netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.70-150200.3.25.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty-tcnative": "2.0.70-150200.3.25.1"
        }
    ]
}

SUSE:Enterprise Storage 7.1 / netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Enterprise%20Storage%207.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.70-150200.3.25.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty-tcnative": "2.0.70-150200.3.25.1"
        }
    ]
}

openSUSE:Leap 15.6 / netty

Package

Name
netty
Purl
pkg:rpm/opensuse/netty&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1.118-150200.4.29.2

Ecosystem specific 

{
    "binaries": [
        {
            "netty": "4.1.118-150200.4.29.2",
            "netty-tcnative": "2.0.70-150200.3.25.1",
            "netty-javadoc": "4.1.118-150200.4.29.2",
            "netty-tcnative-javadoc": "2.0.70-150200.3.25.1"
        }
    ]
}

openSUSE:Leap 15.6 / netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/opensuse/netty-tcnative&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.70-150200.3.25.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty": "4.1.118-150200.4.29.2",
            "netty-tcnative": "2.0.70-150200.3.25.1",
            "netty-javadoc": "4.1.118-150200.4.29.2",
            "netty-tcnative-javadoc": "2.0.70-150200.3.25.1"
        }
    ]
}