MGASA-2021-0039 - Updated resteasy packages fix a security vulnerability

Publication date: 17 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0039.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-1695

A flaw was found in Resteasy, where an improper input validation results in
returning an illegal header that integrates into the server's response. This
flaw may result in an injection, which leads to unexpected behavior when the
HTTP response is constructed (CVE-2020-1695).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27794
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1695

SRPMS:
- 7/core/resteasy-3.0.26-2.mga7