MGASA-2021-0052 - Updated undertow packages fix security vulnerability

Publication date: 22 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0052.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-10719

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the
processing of invalid HTTP requests with large chunk sizes. This flaw allows an
attacker to take advantage of HTTP request smuggling (CVE-2020-10719).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28076
- https://security-tracker.debian.org/tracker/CVE-2020-10719
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10719

SRPMS:
- 7/core/undertow-1.4.0-2.1.mga7