Ubuntu alert USN-7843-1 (netty)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7843-1] Netty vulnerability | |
| Date: | Thu, 30 Oct 2025 13:50:28 +0000 | |
| Message-ID: | <E1vET2q-00059q-Ur@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7843-1 October 28, 2025 netty vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Netty could be made to send emails as your login if it received specially crafted input. Software Description: - netty: Java NIO client/server socket framework Details: It was discovered that Netty did not properly handle user input. A remote attacker could possibly use this issue to forge arbitrary emails from a trusted server. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 libnetty-java 1:4.1.48-10ubuntu0.25.10.1 Ubuntu 25.04 libnetty-java 1:4.1.48-10ubuntu0.25.04.1 Ubuntu 24.04 LTS libnetty-java 1:4.1.48-9ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 22.04 LTS libnetty-java 1:4.1.48-4+deb11u2ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS libnetty-java 1:4.1.45-1ubuntu0.1~esm3 Available with Ubuntu Pro Ubuntu 18.04 LTS libnetty-java 1:4.1.7-4ubuntu0.1+esm4 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7843-1 CVE-2025-59419 Package Information: https://launchpad.net/ubuntu/+source/netty/1:4.1.48-10ubu... https://launchpad.net/ubuntu/+source/netty/1:4.1.48-10ubu...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmkDbFsACgkQcpJm3tlz hgEvdw/8C8bPp4U8mpZ+OgimaV1XUZXA9mxELVoJdZA2Gb47lcxWS4wuMuEaIH2y Sy9lgCHVSJ0kDbRi6kdZnpXNWgUTUu1vhe8IDPZrKy5S+aUenLTXBWVHOex4h+6q lOTSzKnXntbRFkigRt7XjjDHhwTzRAcFPaT4cqFvGX0ZODPomhb60rCW7+C9aYAb qN9rhVe8LyHGkUWxW10y78iKcjGVXPstp6TPxgaC9OvTK0bYcUpetaon49ZIBtOp 1EmsOoARn/IXR4gjAvzH49W+P0pFvstLbD2CBJtMExjFHIG4NA2uKo50kjbcxZ95 6zrx9t94ewmyyGB7yD0hEGH7FwSIXcJ8iLAexGW7ep0vSCgAuO+bkWxPeVW41y46 5qi7Evpg3/5E/BAeU+75866Nj92I0a2baKVgjqYOUIC7XUWVyq8UrgIEDDyMhjPa LrZQdYkWtMjuQASOB7jf9SflF3MSdPHOQNg+b2aiTiUlft46pVPoLatZP5LUIttK Pznbyv42ihDIk55ijIJTzL9OsgzqSWyb/j9Mnwpc3qihNHURr516lie2pLuYXbDm EuiuytdjcNfg1POQ7APUsYV3drG8ht1vBVSoPlIDMoil+RJNihSQrL4MOz/tDCzL zcFRP9SOyXm4cbRn0L7bSjUTePS18DPSYiLoN08DRf/F2EDlqMI= =Apwq -----END PGP SIGNATURE-----