SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4407

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4407

Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative

Type: security

Severity: moderate

Issued: 2024-12-23

Description:

This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues:

- CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java application can 
lead to a crash due to the JVM memory limit being exceeded in netty (bsc#1233297)

Other fixes:
- Upgraded netty to upstream version 4.1.115
- Upgraded netty-tcnative to version 2.0.69 Final
- Updated jctools to version 4.0.5
- Updated aalto-xml to version 1.3.3
- Updated moditect to version 1.2.2
- Updated flatten-maven-plugin to version 1.6.0

References

CVE: CVE-2024-47535
Bugzilla: 1233297 VUL-0: CVE-2024-47535: netty,netty3: unsafe reading of large environment files when Netty is loaded by a java application can lead to a crash due to the JVM memory limit being exceeded
Bugzilla: 1047218 trackerbug: packages do not build reproducibly from including build time

Packages

jctools-4.0.5-150200.3.9.1

netty-4.1.115-150200.4.26.1