An update for netty is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2395 Final 1.0 1.0 2024-11-15 Initial 2024-11-15 2024-11-15 openEuler SA Tool V1.0 2024-11-15 netty security update An update for netty is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4 Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc < - %description help Man pages and other related documents for . Security Fix(es): Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.(CVE-2024-29025) An update for netty is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium netty https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2395 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-29025 https://nvd.nist.gov/vuln/detail/CVE-2024-29025 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 netty-4.1.13-22.oe2203sp1.aarch64.rpm netty-4.1.13-22.oe2403.aarch64.rpm netty-4.1.13-22.oe2203sp4.aarch64.rpm netty-4.1.13-22.oe2203sp3.aarch64.rpm netty-4.1.13-19.oe2003sp4.aarch64.rpm netty-4.1.13-22.oe2203sp1.src.rpm netty-4.1.13-22.oe2403.src.rpm netty-4.1.13-22.oe2203sp4.src.rpm netty-4.1.13-22.oe2203sp3.src.rpm netty-4.1.13-19.oe2003sp4.src.rpm netty-4.1.13-22.oe2203sp1.x86_64.rpm netty-4.1.13-22.oe2403.x86_64.rpm netty-4.1.13-22.oe2203sp4.x86_64.rpm netty-4.1.13-22.oe2203sp3.x86_64.rpm netty-4.1.13-19.oe2003sp4.x86_64.rpm netty-help-4.1.13-22.oe2203sp1.noarch.rpm netty-help-4.1.13-22.oe2403.noarch.rpm netty-help-4.1.13-22.oe2203sp4.noarch.rpm netty-help-4.1.13-22.oe2203sp3.noarch.rpm netty-help-4.1.13-19.oe2003sp4.noarch.rpm Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final. 2024-11-15 CVE-2024-29025 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L netty security update 2024-11-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2395