Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
openSUSE:Leap:15.5:Update
patchinfo.23695
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.23695
<patchinfo incident="23695"> <issue tracker="bnc" id="1193672">VUL-0: CVE-2021-43797: netty3, netty: possible HTTP request smuggling due to insufficient validation against control characters</issue> <issue tracker="bnc" id="1190613">VUL-0: CVE-2021-37137: netty: netty-codec: SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way</issue> <issue tracker="bnc" id="1182103">VUL-1: CVE-2021-21290: netty: Information disclosure via the local system temporary directory</issue> <issue tracker="bnc" id="1190610">VUL-0: CVE-2021-37136: netty: netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data</issue> <issue tracker="cve" id="2021-43797"/> <issue tracker="cve" id="2021-37137"/> <issue tracker="cve" id="2021-37136"/> <issue tracker="cve" id="2021-21290"/> <issue tracker="bnc" id="1183262"/> <issue tracker="cve" id="2021-21295"/> <packager>fstrba</packager> <rating>important</rating> <category>security</category> <summary>Security update for netty</summary> <description>This update for netty fixes the following issues: - Updated to version 4.1.75: - CVE-2021-37136: Fixed an unrestricted decompressed data size in Bzip2Decoder (bsc#1190610). - CVE-2021-37137: Fixed an unrestricted chunk length in SnappyFrameDecoder, which might lead to excessive memory usage (#bsc#1190613). - CVE-2021-43797: Fixed a potential HTTP request smuggling issue due to insufficient validation against control characters (bsc#1193672). - CVE-2021-21290: Fixed an information disclosure via the local system temporary directory (bsc#1182103). </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor