Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Netty
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Netty
ID: USN-4532-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS
Datum: Di, 22. September 2020, 22:32
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444
https://launchpad.net/ubuntu/+source/netty-3.9/3.9.9.Final-1+deb9u1build0.18.04.1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16869
Applikationen: Netty

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6385496001896365111==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="aQ83pj1c2wF3Ewt5hYbTGb7AXlB12KnD1"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--aQ83pj1c2wF3Ewt5hYbTGb7AXlB12KnD1
Content-Type: multipart/mixed;
boundary="NcmPgNRUCY9SKPZhFLp1ajieky3e7IwY5"

--NcmPgNRUCY9SKPZhFLp1ajieky3e7IwY5
Content-Type: text/plain; charset=utf-8
Content-Language: en-U
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4532-1
September 22, 2020

netty-3.9 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Netty.

Software Description:
- netty-3.9: Asynchronous event-driven network application framework

Details:

It was discovered that Netty incorrectly handled certain HTTP headers.
By sending an HTTP header with whitespace before the colon, a remote
attacker could possibly use this issue to perform an HTTP request
smuggling attack. (CVE-2019-16869)

It was discovered that Netty incorrectly handled certain HTTP headers.
By sending an HTTP header that lacks a colon, a remote attacker could
possibly use this issue to perform an HTTP request smuggling attack.
(CVE-2019-20444)

It was discovered that Netty incorrectly handled certain HTTP headers.
By sending a Content-Length header accompanied by a second
Content-Length header, or by a Transfer-Encoding header, a remote
attacker could possibly use this issue to perform an HTTP request
smuggling attack. (CVE-2019-20445)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libnetty-3.9-java 3.9.9.Final-1+deb9u1build0.18.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4532-1
CVE-2019-16869, CVE-2019-20444, CVE-2019-20445

Package Information:

https://launchpad.net/ubuntu/+source/netty-3.9/3.9.9.Final-1+deb9u1build0.18.04.1


--NcmPgNRUCY9SKPZhFLp1ajieky3e7IwY5--

--aQ83pj1c2wF3Ewt5hYbTGb7AXlB12KnD1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7MowLJorxPNkyBZZW+PTAFZKyRgFAl9qR48ACgkQW+PTAFZK
yRhG+Q/+KQayhzLLF06FH5aa5+OB5EUFANNkhuPynHMYqNoYTQFXUi312frfjXe6
zj/m+dIpYWwzy/3aCL4rKO0Wek9lFTg7nN7B/jkj0GVUPCvfR3ky1BMrelClL5Zp
sjBLYwIfGWVOlY70QO/ZjLwOeMGMjhHVCCD2HpDD3XHyVZ5LPIfsqOV4QXPhwjzj
hofVxnLaLS00wqsieiQq7tDLi1B0eyJBc5CZqrvUU9fk9hx+6Ll7yFsukhT4UTv2
GhPXnV23k0nCugUMQ7951F1coutTSTW2Rx2118+shmfhFS9R/ykrflMX2ob3+p8h
SsqS7EGq6MM5PZ5tpYw6E6Aj7wQnFziiV2cAx7ujg7LM2Gl/n1oipfJyhQS31+sY
+HafDAWu8oApWNjPC8M9YmQRcjl0Gx/dzPMb3BJmXihyfkBzwyDAk/DXw/vqL0cS
NDbWEuej7t7Z4cZzeKUkOfnsezNXTF0/UhcRp55/X6m7hEyhRE5aKHhKOPiWjGoO
t3tUrehXKGkhOXUgkfwzHd65iHMSUC2ZF4Z4URJCSKA2gEwJgLhJ4RywIzjvwIJM
mywkeEl++C9wGzIFUXXQqRAn9b7XjEqnZt+57WxBqDfbGoxs3u0CVH3z8N7k/CdR
350KCTJLnPV4cWqQ/0uVpWnNfTx1JKpC7xXyFXw4ynnQ9zmzRUY=
=NxHH
-----END PGP SIGNATURE-----

--aQ83pj1c2wF3Ewt5hYbTGb7AXlB12KnD1--


--===============6385496001896365111==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============6385496001896365111==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung