Debian 10260 Published by

Updated Netty packages are available for Debian GNU/Linux 9 Extended LTS to address a vulnerability that allowed an attacker to allocate resources without limits or throttling due to the accumulation of data in the HttpPostRequestDecoder. Additionally, updated composer packages are available for Debian GNU/Linux 11 to fix a regression that the previous update introduced.

ELA-1110-1 netty security update
[DSA 5715-2] composer regression update



ELA-1110-1 netty security update

Package : netty
Version : 1:4.1.7-2+deb9u5 (stretch)

Related CVEs :
CVE-2024-29025

Julien Viet discovered that Netty, a Java NIO client/server socket framework,
was vulnerable to allocation of resources without limits or throttling due to
the accumulation of data in the HttpPostRequestDecoder. This would allow an
attacker to cause a denial of service.

ELA-1110-1 netty security update


[DSA 5715-2] composer regression update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5715-2 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 24, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : composer

The update for composer released as DSA 5715 introduced a regression
in the handling of git feature branches. Updated composer packages
are now available to address this issue.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.0.9-2+deb11u4.

The stable distribution (bookworm) is not affected.

We recommend that you upgrade your composer packages.

For the detailed security status of composer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/composer

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/