{"affected":[{"ecosystem_specific":{"binaries":[{"netty-tcnative":"2.0.69-150200.3.22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP5","name":"netty-tcnative","purl":"pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.69-150200.3.22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"netty-tcnative":"2.0.69-150200.3.22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP6","name":"netty-tcnative","purl":"pkg:rpm/suse/netty-tcnative&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.69-150200.3.22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"jctools":"4.0.5-150200.3.9.1","netty":"4.1.115-150200.4.26.1","netty-javadoc":"4.1.115-150200.4.26.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP5","name":"jctools","purl":"pkg:rpm/suse/jctools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.5-150200.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"jctools":"4.0.5-150200.3.9.1","netty":"4.1.115-150200.4.26.1","netty-javadoc":"4.1.115-150200.4.26.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP5","name":"netty","purl":"pkg:rpm/suse/netty&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.1.115-150200.4.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"jctools":"4.0.5-150200.3.9.1","netty":"4.1.115-150200.4.26.1","netty-javadoc":"4.1.115-150200.4.26.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"jctools","purl":"pkg:rpm/suse/jctools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.5-150200.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"jctools":"4.0.5-150200.3.9.1","netty":"4.1.115-150200.4.26.1","netty-javadoc":"4.1.115-150200.4.26.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"netty","purl":"pkg:rpm/suse/netty&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.1.115-150200.4.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"jctools":"4.0.5-150200.3.9.1","jctools-channels":"4.0.5-150200.3.9.1","jctools-experimental":"4.0.5-150200.3.9.1","jctools-javadoc":"4.0.5-150200.3.9.1","netty":"4.1.115-150200.4.26.1","netty-javadoc":"4.1.115-150200.4.26.1","netty-tcnative":"2.0.69-150200.3.22.1","netty-tcnative-javadoc":"2.0.69-150200.3.22.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"jctools","purl":"pkg:rpm/opensuse/jctools&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.5-150200.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"jctools":"4.0.5-150200.3.9.1","jctools-channels":"4.0.5-150200.3.9.1","jctools-experimental":"4.0.5-150200.3.9.1","jctools-javadoc":"4.0.5-150200.3.9.1","netty":"4.1.115-150200.4.26.1","netty-javadoc":"4.1.115-150200.4.26.1","netty-tcnative":"2.0.69-150200.3.22.1","netty-tcnative-javadoc":"2.0.69-150200.3.22.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"netty","purl":"pkg:rpm/opensuse/netty&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.1.115-150200.4.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"jctools":"4.0.5-150200.3.9.1","jctools-channels":"4.0.5-150200.3.9.1","jctools-experimental":"4.0.5-150200.3.9.1","jctools-javadoc":"4.0.5-150200.3.9.1","netty":"4.1.115-150200.4.26.1","netty-javadoc":"4.1.115-150200.4.26.1","netty-tcnative":"2.0.69-150200.3.22.1","netty-tcnative-javadoc":"2.0.69-150200.3.22.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"netty-tcnative","purl":"pkg:rpm/opensuse/netty-tcnative&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.69-150200.3.22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"jctools":"4.0.5-150200.3.9.1","jctools-channels":"4.0.5-150200.3.9.1","jctools-experimental":"4.0.5-150200.3.9.1","jctools-javadoc":"4.0.5-150200.3.9.1","netty":"4.1.115-150200.4.26.1","netty-javadoc":"4.1.115-150200.4.26.1","netty-tcnative":"2.0.69-150200.3.22.1","netty-tcnative-javadoc":"2.0.69-150200.3.22.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"jctools","purl":"pkg:rpm/opensuse/jctools&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.5-150200.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"jctools":"4.0.5-150200.3.9.1","jctools-channels":"4.0.5-150200.3.9.1","jctools-experimental":"4.0.5-150200.3.9.1","jctools-javadoc":"4.0.5-150200.3.9.1","netty":"4.1.115-150200.4.26.1","netty-javadoc":"4.1.115-150200.4.26.1","netty-tcnative":"2.0.69-150200.3.22.1","netty-tcnative-javadoc":"2.0.69-150200.3.22.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"netty","purl":"pkg:rpm/opensuse/netty&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.1.115-150200.4.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"jctools":"4.0.5-150200.3.9.1","jctools-channels":"4.0.5-150200.3.9.1","jctools-experimental":"4.0.5-150200.3.9.1","jctools-javadoc":"4.0.5-150200.3.9.1","netty":"4.1.115-150200.4.26.1","netty-javadoc":"4.1.115-150200.4.26.1","netty-tcnative":"2.0.69-150200.3.22.1","netty-tcnative-javadoc":"2.0.69-150200.3.22.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"netty-tcnative","purl":"pkg:rpm/opensuse/netty-tcnative&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.69-150200.3.22.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues:\n\n- CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java application can \nlead to a crash due to the JVM memory limit being exceeded in netty (bsc#1233297)\n\nOther fixes:\n- Upgraded netty to upstream version 4.1.115\n- Upgraded netty-tcnative to version 2.0.69 Final\n- Updated jctools to version 4.0.5\n- Updated aalto-xml to version 1.3.3\n- Updated moditect to version 1.2.2\n- Updated flatten-maven-plugin to version 1.6.0","id":"SUSE-SU-2024:4407-1","modified":"2024-12-23T08:49:34Z","published":"2024-12-23T08:49:34Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20244407-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047218"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233297"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47535"}],"related":["CVE-2024-47535"],"summary":"Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative","upstream":["CVE-2024-47535"]}