UbuntuUpdates.org

Package "netty"

Name: netty

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Java NIO client/server socket framework
Latest version: 1:4.1.48-4+deb11u2ubuntu0.1
Release: jammy (22.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "netty" in Jammy

Repository Area Version
base universe 1:4.1.48-4
security universe 1:4.1.48-4+deb11u2ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:4.1.48-4+deb11u2ubuntu0.1 2025-12-10 04:11:26 UTC

  netty (1:4.1.48-4+deb11u2ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2025-58057.patch: Adjust how decoders and
      decompressors manage buffers to prevent out-of-memory in
      .../http/HttpContentDecoder.java,
      .../http2/DelegatingDecompressorFrameListener.java,
      .../compression/JZlibDecoder.java, .../compression/JdkZlibDecoder.java,
      and add tests to .../http/HttpContentDecompressorTest.java and
      .../compression/{AbstractIntegrationTest.java,
      JZlibIntegrationTest.java, JdkZlibIntegrationTest.java}.
    - CVE-2025-58057
  * SECURITY UPDATE: HTTP request/response smuggling
    - debian/patches/CVE-2025-58056.patch: Enforce stricter parsing of line
      endings in .../http/{HttpObjectDecoder.java, HttpRequestDecoder.java,
      HttpResponseDecoder.java, InvalidChunkExtensionException.java,
      InvalidChunkTerminationException.java,
      InvalidLineSeparatorException.java} and add tests to
      .../http/{HttpRequestDecoderTest.java, HttpResponseDecoderTest.java}.
    - CVE-2025-58056

 -- Edwin Jiang <email address hidden> Thu, 27 Nov 2025 20:44:42 +0000
Source diff to previous version
CVE-2025-58057 Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients
CVE-2025-58056 Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In

Version: 1:4.1.48-4+deb11u2build0.22.04.1 2024-09-05 17:07:00 UTC

  netty (1:4.1.48-4+deb11u2build0.22.04.1) jammy-security; urgency=medium

  * fake sync from Debian
Source diff to previous version

Version: 1:4.1.48-4+deb11u1build0.22.04.1 2023-04-28 01:07:11 UTC

  netty (1:4.1.48-4+deb11u1build0.22.04.1) jammy-security; urgency=medium

  * fake sync from Debian


About   -   Send Feedback to @ubuntu_updates