Bugzilla – Bug 1216169
VUL-0: netty: protect against DDOS caused by RST floods (CVE-2023-44487)
Last modified: 2024-05-07 07:46:41 UTC
The netty code was improved to protected against possible RST floods Upstream commit: https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 We are tracking all "HTTP/2 Rapid Reset Attack" related bugs within bsc#1216123.
SUSE-SU-2023:4163-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1216169 CVE References: CVE-2023-44487 Sources used: Development Tools Module 15-SP4 (src): netty-tcnative-2.0.62-150200.3.16.1 Development Tools Module 15-SP5 (src): netty-tcnative-2.0.62-150200.3.16.1 SUSE Package Hub 15 15-SP5 (src): netty-4.1.100-150200.4.20.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): netty-tcnative-2.0.62-150200.3.16.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): netty-tcnative-2.0.62-150200.3.16.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): netty-tcnative-2.0.62-150200.3.16.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): netty-tcnative-2.0.62-150200.3.16.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): netty-tcnative-2.0.62-150200.3.16.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): netty-tcnative-2.0.62-150200.3.16.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): netty-tcnative-2.0.62-150200.3.16.1 SUSE Enterprise Storage 7.1 (src): netty-tcnative-2.0.62-150200.3.16.1 openSUSE Leap 15.4 (src): netty-tcnative-2.0.62-150200.3.16.1, netty-4.1.100-150200.4.20.1 openSUSE Leap 15.5 (src): netty-tcnative-2.0.62-150200.3.16.1, netty-4.1.100-150200.4.20.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4210-1: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1215415, 1215416, 1215417, 1216162, 1216169 CVE References: CVE-2023-36478, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900, CVE-2023-44487 Sources used: SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): jetty-minimal-9.4.53-150200.3.22.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): jetty-minimal-9.4.53-150200.3.22.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): jetty-minimal-9.4.53-150200.3.22.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): jetty-minimal-9.4.53-150200.3.22.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): jetty-minimal-9.4.53-150200.3.22.1 SUSE Enterprise Storage 7.1 (src): jetty-minimal-9.4.53-150200.3.22.1 openSUSE Leap 15.4 (src): jetty-minimal-9.4.53-150200.3.22.1 openSUSE Leap 15.5 (src): jetty-minimal-9.4.53-150200.3.22.1 Development Tools Module 15-SP4 (src): jetty-minimal-9.4.53-150200.3.22.1 Development Tools Module 15-SP5 (src): jetty-minimal-9.4.53-150200.3.22.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): jetty-minimal-9.4.53-150200.3.22.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): jetty-minimal-9.4.53-150200.3.22.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Fixed, please close.
All done, closing.