Debian LTS: DLA-2109-1: netty security update

    Date: 19 Feb 2020
    Posted By: LinuxSecurity Advisories
    
    Package        : netty
    Version        : 1:3.2.6.Final-2+deb8u2
    CVE ID         : CVE-2019-20444 CVE-2019-20445 CVE-2020-7238
    Debian Bug     : 950966 950967
    
    
    Several vulnerabilities were discovered in the HTTP server provided by
    Netty, a Java NIO client/server socket framework:
    
    CVE-2019-20444
    
        HttpObjectDecoder.java allows an HTTP header that lacks a colon,
        which might be interpreted as a separate header with an incorrect
        syntax, or might be interpreted as an "invalid fold."
    
    CVE-2019-20445
    
        HttpObjectDecoder.java allows a Content-Length header to be
        accompanied by a second Content-Length header, or by a
        Transfer-Encoding header.
    
    CVE-2020-7238
    
        Netty allows HTTP Request Smuggling because it mishandles
        Transfer-Encoding whitespace (such as a
        [space]Transfer-Encoding:chunked line) and a later Content-Length
        header.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    1:3.2.6.Final-2+deb8u2.
    
    We recommend that you upgrade your netty packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
