Lesezeichen hinzufügen
Originalnachricht
SUSE Security Update: Security update for python-waitress______________________________________________________________________________Announcement ID: SUSE-SU-2020:3292-1Rating: moderateReferences: #1160790 #1161088 #1161089 #1161670 Cross-References: CVE-2019-16785 CVE-2019-16786 CVE-2019-16789 CVE-2019-16792Affected Products: SUSE Enterprise Storage 5______________________________________________________________________________ An update that fixes four vulnerabilities is now available.Description: This update for python-waitress to version 1.4.3 fixes the following security issues: - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088). - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089). - CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790). - CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670).Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3292=1Package List: - SUSE Enterprise Storage 5 (noarch): python-waitress-1.4.3-3.3.1References: https://www.suse.com/security/cve/CVE-2019-16785.html https://www.suse.com/security/cve/CVE-2019-16786.html https://www.suse.com/security/cve/CVE-2019-16789.html https://www.suse.com/security/cve/CVE-2019-16792.html https://bugzilla.suse.com/1160790 https://bugzilla.suse.com/1161088 https://bugzilla.suse.com/1161089 https://bugzilla.suse.com/1161670