Ubuntu alert USN-7918-1 (netty)
| From: | noreply+usn-bot@canonical.com |
| To: | ubuntu-security-announce@lists.ubuntu.com |
| Subject: | [USN-7918-1] Netty vulnerabilities |
| Date: | Wed, 10 Dec 2025 00:47:06 +0000 |
| Message-ID: | <E1vT8ME-0002Aw-Fb@lists.ubuntu.com> |
==========================================================================
Ubuntu Security Notice USN-7918-1
December 09, 2025

netty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Netty.

Software Description:

- netty: event-driven asynchronous network application framework

Details:

Jeppe Bonde Weikop discovered that Netty incorrectly parsed HTTP messages.
When Netty is used with certain reverse proxies, a remote attacker could
possibly use this issue to perform HTTP request smuggling attacks.
(CVE-2025-58056)

Jonas Konrad discovered that Netty did not properly manage memory when
decoding compressed data. A remote attacker could possibly use this issue
to cause Netty to consume excessive memory, resulting in a denial of
service. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 20.04
LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10.
(CVE-2025-58057)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  libnetty-java    1:4.1.48-10ubuntu0.25.10.2

Ubuntu 25.04
  libnetty-java    1:4.1.48-10ubuntu0.25.04.2

Ubuntu 24.04 LTS
  libnetty-java    1:4.1.48-9ubuntu0.1

Ubuntu 22.04 LTS
  libnetty-java    1:4.1.48-4+deb11u2ubuntu0.1

Ubuntu 20.04 LTS
  libnetty-java    1:4.1.45-1ubuntu0.1~esm4
                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libnetty-java    1:4.1.7-4ubuntu0.1+esm5
                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libnetty-java    1:4.0.34-1ubuntu0.1~esm3
                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-7918-1
  CVE-2025-58056, CVE-2025-58057

Package Information:

  https://launchpad.net/ubuntu/+source/netty/1:4.1.48-10ubu...
  https://launchpad.net/ubuntu/+source/netty/1:4.1.48-10ubu...
  https://launchpad.net/ubuntu/+source/netty/1:4.1.48-9ubun...
  https://launchpad.net/ubuntu/+source/netty/1:4.1.48-4+deb...
Attachment: signature.asc (type=application/pgp-signature)
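An added example, not part of the notice or of any Canonical tooling: a fleet-audit helper that decides whether an installed libnetty-java version predates the fixed version listed above for its release. It reimplements Debian version ordering (epoch, numeric runs, and `~` sorting before everything) so it can run on an inventory host without dpkg; the function names `deb_cmp` and `needs_update` are assumptions of this example.

```python
import re

# Fixed libnetty-java versions per release, copied from USN-7918-1.
FIXED = {
    "25.10": "1:4.1.48-10ubuntu0.25.10.2",
    "25.04": "1:4.1.48-10ubuntu0.25.04.2",
    "24.04": "1:4.1.48-9ubuntu0.1",
    "22.04": "1:4.1.48-4+deb11u2ubuntu0.1",
    "20.04": "1:4.1.45-1ubuntu0.1~esm4",
    "18.04": "1:4.1.7-4ubuntu0.1+esm5",
    "16.04": "1:4.0.34-1ubuntu0.1~esm3",  # CVE-2025-58056 only, per the notice
}

def _order(c):
    # dpkg order: '~' first, then end-of-string/digits, letters, other characters.
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    while a or b:
        # Non-digit prefixes are compared character by character.
        pa, pb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        for k in range(max(len(pa), len(pb))):
            ac, bc = _order(pa[k:k + 1]), _order(pb[k:k + 1])
            if ac != bc:
                return (ac > bc) - (ac < bc)
        a, b = a[len(pa):], b[len(pb):]
        # Digit prefixes are compared as integers, so 7 < 10.
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return (na > nb) - (na < nb)
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(v):  # epoch before the first ':', Debian revision after the last '-'
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def deb_cmp(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_update(release, installed):  # True if installed sorts before the fix
    return deb_cmp(installed, FIXED[release]) < 0
```

The installed version string can be collected on each host with `dpkg-query -W -f='${Version}' libnetty-java` and passed in alongside the release number.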
