SUSE-SU-2024:4407-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20244407-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:4407-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2024:4407-1
- Related
- Published
- 2024-12-23T08:49:34Z
- Modified
- 2025-05-08T17:33:55.472923Z
- Upstream
- Summary
- Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative
- Details
-
This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues:
- CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java application can lead to a crash due to the JVM memory limit being exceeded in netty (bsc#1233297)
Other fixes: - Upgraded netty to upstream version 4.1.115 - Upgraded netty-tcnative to version 2.0.69 Final - Updated jctools to version 4.0.5 - Updated aalto-xml to version 1.3.3 - Updated moditect to version 1.2.2 - Updated flatten-maven-plugin to version 1.6.0
- References
Affected packages
SUSE:Linux Enterprise Module for Development Tools 15 SP5 / netty-tcnative
Package
- Name
- netty-tcnative
- Purl
- pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5
SUSE:Linux Enterprise Module for Development Tools 15 SP6 / netty-tcnative
Package
- Name
- netty-tcnative
- Purl
- pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6
SUSE:Linux Enterprise Module for Package Hub 15 SP5 / jctools
Package
- Name
- jctools
- Purl
- pkg:rpm/suse/jctools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
SUSE:Linux Enterprise Module for Package Hub 15 SP5 / netty
Package
- Name
- netty
- Purl
- pkg:rpm/suse/netty&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
SUSE:Linux Enterprise Module for Package Hub 15 SP6 / jctools
Package
- Name
- jctools
- Purl
- pkg:rpm/suse/jctools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
SUSE:Linux Enterprise Module for Package Hub 15 SP6 / netty
Package
- Name
- netty
- Purl
- pkg:rpm/suse/netty&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
openSUSE:Leap 15.5 / jctools
Package
- Name
- jctools
- Purl
- pkg:rpm/opensuse/jctools&distro=openSUSE%20Leap%2015.5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.5-150200.3.9.1
Ecosystem specific
{
"binaries": [
{
"jctools": "4.0.5-150200.3.9.1",
"jctools-experimental": "4.0.5-150200.3.9.1",
"netty-tcnative": "2.0.69-150200.3.22.1",
"jctools-javadoc": "4.0.5-150200.3.9.1",
"netty-tcnative-javadoc": "2.0.69-150200.3.22.1",
"netty": "4.1.115-150200.4.26.1",
"netty-javadoc": "4.1.115-150200.4.26.1",
"jctools-channels": "4.0.5-150200.3.9.1"
}
]
}
openSUSE:Leap 15.5 / netty
Package
- Name
- netty
- Purl
- pkg:rpm/opensuse/netty&distro=openSUSE%20Leap%2015.5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.1.115-150200.4.26.1
Ecosystem specific
{
"binaries": [
{
"jctools": "4.0.5-150200.3.9.1",
"jctools-experimental": "4.0.5-150200.3.9.1",
"netty-tcnative": "2.0.69-150200.3.22.1",
"jctools-javadoc": "4.0.5-150200.3.9.1",
"netty-tcnative-javadoc": "2.0.69-150200.3.22.1",
"netty": "4.1.115-150200.4.26.1",
"netty-javadoc": "4.1.115-150200.4.26.1",
"jctools-channels": "4.0.5-150200.3.9.1"
}
]
}
openSUSE:Leap 15.5 / netty-tcnative
Package
- Name
- netty-tcnative
- Purl
- pkg:rpm/opensuse/netty-tcnative&distro=openSUSE%20Leap%2015.5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.0.69-150200.3.22.1
Ecosystem specific
{
"binaries": [
{
"jctools": "4.0.5-150200.3.9.1",
"jctools-experimental": "4.0.5-150200.3.9.1",
"netty-tcnative": "2.0.69-150200.3.22.1",
"jctools-javadoc": "4.0.5-150200.3.9.1",
"netty-tcnative-javadoc": "2.0.69-150200.3.22.1",
"netty": "4.1.115-150200.4.26.1",
"netty-javadoc": "4.1.115-150200.4.26.1",
"jctools-channels": "4.0.5-150200.3.9.1"
}
]
}
openSUSE:Leap 15.6 / jctools
Package
- Name
- jctools
- Purl
- pkg:rpm/opensuse/jctools&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.5-150200.3.9.1
Ecosystem specific
{
"binaries": [
{
"jctools": "4.0.5-150200.3.9.1",
"jctools-experimental": "4.0.5-150200.3.9.1",
"netty-tcnative": "2.0.69-150200.3.22.1",
"jctools-javadoc": "4.0.5-150200.3.9.1",
"netty-tcnative-javadoc": "2.0.69-150200.3.22.1",
"netty": "4.1.115-150200.4.26.1",
"netty-javadoc": "4.1.115-150200.4.26.1",
"jctools-channels": "4.0.5-150200.3.9.1"
}
]
}
openSUSE:Leap 15.6 / netty
Package
- Name
- netty
- Purl
- pkg:rpm/opensuse/netty&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.1.115-150200.4.26.1
Ecosystem specific
{
"binaries": [
{
"jctools": "4.0.5-150200.3.9.1",
"jctools-experimental": "4.0.5-150200.3.9.1",
"netty-tcnative": "2.0.69-150200.3.22.1",
"jctools-javadoc": "4.0.5-150200.3.9.1",
"netty-tcnative-javadoc": "2.0.69-150200.3.22.1",
"netty": "4.1.115-150200.4.26.1",
"netty-javadoc": "4.1.115-150200.4.26.1",
"jctools-channels": "4.0.5-150200.3.9.1"
}
]
}
openSUSE:Leap 15.6 / netty-tcnative
Package
- Name
- netty-tcnative
- Purl
- pkg:rpm/opensuse/netty-tcnative&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.0.69-150200.3.22.1
Ecosystem specific
{
"binaries": [
{
"jctools": "4.0.5-150200.3.9.1",
"jctools-experimental": "4.0.5-150200.3.9.1",
"netty-tcnative": "2.0.69-150200.3.22.1",
"jctools-javadoc": "4.0.5-150200.3.9.1",
"netty-tcnative-javadoc": "2.0.69-150200.3.22.1",
"netty": "4.1.115-150200.4.26.1",
"netty-javadoc": "4.1.115-150200.4.26.1",
"jctools-channels": "4.0.5-150200.3.9.1"
}
]
}