SUSE-SU-2024:4407-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2024/suse-su-20244407-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:4407-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2024:4407-1
Upstream
Related
Published
2024-12-23T08:49:34Z
Modified
2025-05-08T17:33:55.472923Z
Summary
Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative
Details

This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues:

  • CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java application can lead to a crash due to the JVM memory limit being exceeded in netty (bsc#1233297)

Other fixes: - Upgraded netty to upstream version 4.1.115 - Upgraded netty-tcnative to version 2.0.69 Final - Updated jctools to version 4.0.5 - Updated aalto-xml to version 1.3.3 - Updated moditect to version 1.2.2 - Updated flatten-maven-plugin to version 1.6.0

References

Affected packages

openSUSE:Leap 15.5

jctools

Package

Name
jctools
Purl
pkg:rpm/opensuse/jctools&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.5-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty": "4.1.115-150200.4.26.1",
            "netty-tcnative": "2.0.69-150200.3.22.1",
            "jctools-channels": "4.0.5-150200.3.9.1",
            "netty-tcnative-javadoc": "2.0.69-150200.3.22.1",
            "jctools-javadoc": "4.0.5-150200.3.9.1",
            "jctools": "4.0.5-150200.3.9.1",
            "netty-javadoc": "4.1.115-150200.4.26.1",
            "jctools-experimental": "4.0.5-150200.3.9.1"
        }
    ]
}

netty

Package

Name
netty
Purl
pkg:rpm/opensuse/netty&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1.115-150200.4.26.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty": "4.1.115-150200.4.26.1",
            "netty-tcnative": "2.0.69-150200.3.22.1",
            "jctools-channels": "4.0.5-150200.3.9.1",
            "netty-tcnative-javadoc": "2.0.69-150200.3.22.1",
            "jctools-javadoc": "4.0.5-150200.3.9.1",
            "jctools": "4.0.5-150200.3.9.1",
            "netty-javadoc": "4.1.115-150200.4.26.1",
            "jctools-experimental": "4.0.5-150200.3.9.1"
        }
    ]
}

netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/opensuse/netty-tcnative&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.69-150200.3.22.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty": "4.1.115-150200.4.26.1",
            "netty-tcnative": "2.0.69-150200.3.22.1",
            "jctools-channels": "4.0.5-150200.3.9.1",
            "netty-tcnative-javadoc": "2.0.69-150200.3.22.1",
            "jctools-javadoc": "4.0.5-150200.3.9.1",
            "jctools": "4.0.5-150200.3.9.1",
            "netty-javadoc": "4.1.115-150200.4.26.1",
            "jctools-experimental": "4.0.5-150200.3.9.1"
        }
    ]
}

openSUSE:Leap 15.6

jctools

Package

Name
jctools
Purl
pkg:rpm/opensuse/jctools&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.5-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty": "4.1.115-150200.4.26.1",
            "netty-tcnative": "2.0.69-150200.3.22.1",
            "jctools-channels": "4.0.5-150200.3.9.1",
            "netty-tcnative-javadoc": "2.0.69-150200.3.22.1",
            "jctools-javadoc": "4.0.5-150200.3.9.1",
            "jctools": "4.0.5-150200.3.9.1",
            "netty-javadoc": "4.1.115-150200.4.26.1",
            "jctools-experimental": "4.0.5-150200.3.9.1"
        }
    ]
}

netty

Package

Name
netty
Purl
pkg:rpm/opensuse/netty&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1.115-150200.4.26.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty": "4.1.115-150200.4.26.1",
            "netty-tcnative": "2.0.69-150200.3.22.1",
            "jctools-channels": "4.0.5-150200.3.9.1",
            "netty-tcnative-javadoc": "2.0.69-150200.3.22.1",
            "jctools-javadoc": "4.0.5-150200.3.9.1",
            "jctools": "4.0.5-150200.3.9.1",
            "netty-javadoc": "4.1.115-150200.4.26.1",
            "jctools-experimental": "4.0.5-150200.3.9.1"
        }
    ]
}

netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/opensuse/netty-tcnative&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.69-150200.3.22.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty": "4.1.115-150200.4.26.1",
            "netty-tcnative": "2.0.69-150200.3.22.1",
            "jctools-channels": "4.0.5-150200.3.9.1",
            "netty-tcnative-javadoc": "2.0.69-150200.3.22.1",
            "jctools-javadoc": "4.0.5-150200.3.9.1",
            "jctools": "4.0.5-150200.3.9.1",
            "netty-javadoc": "4.1.115-150200.4.26.1",
            "jctools-experimental": "4.0.5-150200.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 SP5

netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.69-150200.3.22.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty-tcnative": "2.0.69-150200.3.22.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 SP6

netty-tcnative

Package

Name
netty-tcnative
Purl
pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.69-150200.3.22.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty-tcnative": "2.0.69-150200.3.22.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP5

jctools

Package

Name
jctools
Purl
pkg:rpm/suse/jctools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.5-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty": "4.1.115-150200.4.26.1",
            "jctools": "4.0.5-150200.3.9.1",
            "netty-javadoc": "4.1.115-150200.4.26.1"
        }
    ]
}

netty

Package

Name
netty
Purl
pkg:rpm/suse/netty&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1.115-150200.4.26.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty": "4.1.115-150200.4.26.1",
            "jctools": "4.0.5-150200.3.9.1",
            "netty-javadoc": "4.1.115-150200.4.26.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP6

jctools

Package

Name
jctools
Purl
pkg:rpm/suse/jctools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.5-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty": "4.1.115-150200.4.26.1",
            "jctools": "4.0.5-150200.3.9.1",
            "netty-javadoc": "4.1.115-150200.4.26.1"
        }
    ]
}

netty

Package

Name
netty
Purl
pkg:rpm/suse/netty&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1.115-150200.4.26.1

Ecosystem specific 

{
    "binaries": [
        {
            "netty": "4.1.115-150200.4.26.1",
            "jctools": "4.0.5-150200.3.9.1",
            "netty-javadoc": "4.1.115-150200.4.26.1"
        }
    ]
}