openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2025:0590-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.18.2.2025.0590.1

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (SUSE-SU-2025:0590-1)

Resumen: The remote host is missing an update for the 'netty, netty-tcnative' package(s) announced via the SUSE-SU-2025:0590-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'netty, netty-tcnative' package(s) announced via the SUSE-SU-2025:0590-1 advisory.

Vulnerability Insight:
This update for netty, netty-tcnative fixes the following issues:

- CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a native crash. (bsc#1237037)
- CVE-2025-25193: unsafe reading of environment files can lead to an application crash. (bsc#1237038)

Update to netty version 4.1.118 and netty-tcnative version 2.0.70 Final.

Other fixes:

- Fix recycling in CodecOutputList.
- StreamBufferingEncoder: do not send header frame with priority by default.
- Notify event loop termination future of unexpected exceptions.
- Fix AccessControlException in GlobalEventExecutor.
- AdaptivePoolingAllocator: round chunk sizes up and reduce chunk release frequency.
- Support BouncyCastle FIPS for reading PEM files.
- Dns: correctly encode DnsPtrRecord.
- Provide Brotli settings without com.aayushatharva.brotli4j dependency.
- Make DefaultResourceLeak more resilient against OOM.
- OpenSslSession: add support to defensively check for peer certs.
- SslHandler: ensure buffers are never leaked when wrap(...) produces SSLException.
- Correcly handle comments appended to nameserver declarations.
- PcapWriteHandler: apply fixes so that the handler can append to an existing PCAP file when writing the global header.
- PcapWriteHandler: allow output of PCAP files larger than 2GB.
- Fix bugs in BoundedInputStream.
- Fix HTTP header validation bug.
- AdaptivePoolingAllocator: fix possible race condition in method offerToQueue(...).
- AdaptivePoolingAllocator: make sure the sentinel object Magazine.MAGAZINE_FREED not be replaced.
- Only try to use Zstd and Brotli if the native libs can be loaded.
- Bump BlockHound version to 1.0.10.RELEASE.
- Add details to TooLongFrameException message.
- AdaptivePoolingAllocator: correctly reuse chunks.
- AdaptivePoolingAllocator: don't fail when we run on a host with 1 core.
- AdaptivePoolingAllocator: correctly re-use central queue chunks and avoid OOM issue.
- Fix several memory management (leaks and missing checks) issues.

Affected Software/OS:
'netty, netty-tcnative' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:S/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2025-24970
Common Vulnerability Exposure (CVE) ID: CVE-2025-25193

Copyright Copyright (C) 2025 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.18.2.2025.0590.1
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2025:0590-1)
Resumen:	The remote host is missing an update for the 'netty, netty-tcnative' package(s) announced via the SUSE-SU-2025:0590-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'netty, netty-tcnative' package(s) announced via the SUSE-SU-2025:0590-1 advisory. Vulnerability Insight: This update for netty, netty-tcnative fixes the following issues: - CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a native crash. (bsc#1237037) - CVE-2025-25193: unsafe reading of environment files can lead to an application crash. (bsc#1237038) Update to netty version 4.1.118 and netty-tcnative version 2.0.70 Final. Other fixes: - Fix recycling in CodecOutputList. - StreamBufferingEncoder: do not send header frame with priority by default. - Notify event loop termination future of unexpected exceptions. - Fix AccessControlException in GlobalEventExecutor. - AdaptivePoolingAllocator: round chunk sizes up and reduce chunk release frequency. - Support BouncyCastle FIPS for reading PEM files. - Dns: correctly encode DnsPtrRecord. - Provide Brotli settings without com.aayushatharva.brotli4j dependency. - Make DefaultResourceLeak more resilient against OOM. - OpenSslSession: add support to defensively check for peer certs. - SslHandler: ensure buffers are never leaked when wrap(...) produces SSLException. - Correcly handle comments appended to nameserver declarations. - PcapWriteHandler: apply fixes so that the handler can append to an existing PCAP file when writing the global header. - PcapWriteHandler: allow output of PCAP files larger than 2GB. - Fix bugs in BoundedInputStream. - Fix HTTP header validation bug. - AdaptivePoolingAllocator: fix possible race condition in method offerToQueue(...). - AdaptivePoolingAllocator: make sure the sentinel object Magazine.MAGAZINE_FREED not be replaced. - Only try to use Zstd and Brotli if the native libs can be loaded. - Bump BlockHound version to 1.0.10.RELEASE. - Add details to TooLongFrameException message. - AdaptivePoolingAllocator: correctly reuse chunks. - AdaptivePoolingAllocator: don't fail when we run on a host with 1 core. - AdaptivePoolingAllocator: correctly re-use central queue chunks and avoid OOM issue. - Fix several memory management (leaks and missing checks) issues. Affected Software/OS: 'netty, netty-tcnative' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2025-24970 Common Vulnerability Exposure (CVE) ID: CVE-2025-25193
Copyright	Copyright (C) 2025 Greenbone AG