========================================================================== Ubuntu Security Notice USN-7843-1 October 28, 2025
netty vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Netty could be made to send emails as your login if it received specially
crafted input.
Software Description:
- netty: Java NIO client/server socket framework
Details:
It was discovered that Netty did not properly handle user input. A remote
attacker could possibly use this issue to forge arbitrary emails from a
trusted server.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
libnetty-java 1:4.1.48-10ubuntu0.25.10.1
Ubuntu 25.04
libnetty-java 1:4.1.48-10ubuntu0.25.04.1
Ubuntu 24.04 LTS
libnetty-java 1:4.1.48-9ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libnetty-java 1:4.1.48-4+deb11u2ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libnetty-java 1:4.1.45-1ubuntu0.1~esm3
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libnetty-java 1:4.1.7-4ubuntu0.1+esm4
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7843-1
CVE-2025-59419
Package Information:
https://launchpad.net/ubuntu/+source/netty/1:4.1.48-10ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/netty/1:4.1.48-10ubuntu0.25.04.1
signature.asc
Description: OpenPGP digital signature
