ELA-770-1 netty security update

denial of service

Version1:4.1.7-2+deb9u4 (stretch)
Related CVEs CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 CVE-2022-41915

Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework, which may allow attackers to cause a denial of service or bypass restrictions when used as a proxy.

For Debian 9 stretch, these problems have been fixed in version 1:4.1.7-2+deb9u4.

We recommend that you upgrade your netty packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.