Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0590-1 advisory.
- CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a native crash. (bsc#1237037)
- CVE-2025-25193: unsafe reading of environment files can lead to an application crash. (bsc#1237038)
Update to netty version 4.1.118 and netty-tcnative version 2.0.70 Final.
Other fixes:
- Fix recycling in CodecOutputList.
- StreamBufferingEncoder: do not send header frame with priority by default.
- Notify event loop termination future of unexpected exceptions.
- Fix AccessControlException in GlobalEventExecutor.
- AdaptivePoolingAllocator: round chunk sizes up and reduce chunk release frequency.
- Support BouncyCastle FIPS for reading PEM files.
- Dns: correctly encode DnsPtrRecord.
- Provide Brotli settings without com.aayushatharva.brotli4j dependency.
- Make DefaultResourceLeak more resilient against OOM.
- OpenSslSession: add support to defensively check for peer certs.
- SslHandler: ensure buffers are never leaked when wrap(...) produces SSLException.
- Correctly handle comments appended to nameserver declarations.
- PcapWriteHandler: apply fixes so that the handler can append to an existing PCAP file when writing the global header.
- PcapWriteHandler: allow output of PCAP files larger than 2GB.
- Fix bugs in BoundedInputStream.
- Fix HTTP header validation bug.
- AdaptivePoolingAllocator: fix possible race condition in method offerToQueue(...).
- AdaptivePoolingAllocator: make sure the sentinel object Magazine.MAGAZINE_FREED is not replaced.
- Only try to use Zstd and Brotli if the native libs can be loaded.
- Bump BlockHound version to 1.0.10.RELEASE.
- Add details to TooLongFrameException message.
- AdaptivePoolingAllocator: correctly reuse chunks.
- AdaptivePoolingAllocator: don't fail when we run on a host with 1 core.
- AdaptivePoolingAllocator: correctly re-use central queue chunks and avoid OOM issue.
- Fix several memory management (leaks and missing checks) issues.
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected netty, netty-javadoc, netty-tcnative and / or netty-tcnative-javadoc packages.
Plugin Details
File Name: suse_SU-2025-0590-1.nasl
Agent: unix
Supported Sensors: Continuous Assessment, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:netty-tcnative, p-cpe:/a:novell:suse_linux:netty-javadoc, p-cpe:/a:novell:suse_linux:netty
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 2/19/2025
Vulnerability Publication Date: 2/10/2025