Mageia 2021-0052: undertow security update
Summary
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the
processing of invalid HTTP requests with large chunk sizes. This flaw allows an
attacker to take advantage of HTTP request smuggling (CVE-2020-10719).
References
- https://bugs.mageia.org/show_bug.cgi?id=28076
- https://security-tracker.debian.org/tracker/CVE-2020-10719
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10719
Resolution
MGASA-2021-0052 - Updated undertow packages fix security vulnerability
SRPMS
- 7/core/undertow-1.4.0-2.1.mga7