MGASA-2021-0136 - Updated netty packages fix a security vulnerability

Publication date: 14 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0136.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-21290

When netty's multipart decoders are used local information disclosure can occur
via the local system temporary directory if temporary storing uploads on the
disk is enabled (CVE-2021-21290).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28446
- https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290

SRPMS:
- 8/core/netty-4.1.51-1.1.mga8