RedHat: RHSA-2020-0567:01 Important: Red Hat build of Eclipse Vert.x 3.8.5

    Date 03 Mar 2020
    Posted By LinuxSecurity Advisories
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: Red Hat build of Eclipse Vert.x 3.8.5 security update
    Advisory ID:       RHSA-2020:0567-01
    Product:           Red Hat OpenShift Application Runtimes
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0567
    Issue date:        2020-03-03
    CVE Names:         CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat build of Eclipse Vert.x.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each
    vulnerability. For more information, see the CVE links in the References
    section.
    
    2. Description:
    
    This release of Red Hat build of Eclipse Vert.x 3.8.5 includes security
    updates, bug fixes, and enhancements. For more information, see the release
    notes page listed in the References section.
    
    Security Fix(es):
    
    * netty: HTTP request smuggling (CVE-2019-20444)
    
    * netty: HttpObjectDecoder.java allows Content-Length header to be accompanied
    by a second Content-Length header (CVE-2019-20445)
    
    * netty: HTTP Request Smuggling due to Transfer-Encoding whitespace
    mishandling (CVE-2020-7238)
    
    For more details about the security issues and their impact, the CVSS
    score, acknowledgements, and other related information, see the CVE pages
    listed in the References section.
    
    3. Solution:
    
    Before applying the update, back up your existing installation, including
    all applications, configuration files, databases and database settings, and
    so on.
    
    The References section of this erratum contains a download link for the
    update. You must be logged in to download the update.
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
    1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to be accompanied by a second Content-Length header
    1798524 - CVE-2019-20444 netty: HTTP request smuggling
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2019-20444
    https://access.redhat.com/security/cve/CVE-2019-20445
    https://access.redhat.com/security/cve/CVE-2020-7238
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/3.8/html/release_notes_for_eclipse_vert.x_3.8/index
    https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.eclipse.vertx&version=3.8.5
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
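
The netty fixes listed under "Security Fix(es)" concern request heads that two HTTP parsers can frame differently. The following Python check is an added illustration, not part of the Red Hat advisory and not netty code: it flags a second Content-Length header and whitespace in a field name in a raw request head. The function name and sample requests are constructed for the example, and the missing-colon and Content-Length-with-Transfer-Encoding checks follow RFC 7230 rather than anything stated in the advisory.

```python
import re

# RFC 7230 field-name is a "token": no spaces, tabs or control characters.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Constructed sample requests (not captured traffic).
CLEAN = b"POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\nhello"
DUP_CL = (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
          b"Content-Length: 5\r\nContent-Length: 0\r\n\r\nhello")
TE_WS = (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
         b" Transfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\n0\r\n\r\n")
NO_COLON = b"GET / HTTP/1.1\r\nHost: app.example\r\nX-Broken\r\n\r\n"


def framing_issues(raw: bytes) -> list[str]:
    """Return the reasons a raw HTTP/1.1 request head has ambiguous framing."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")[1:]            # skip the request line
    issues, lengths, has_te = [], [], False
    for line in lines:
        if b":" not in line:
            issues.append(f"header line without colon: {line!r}")
            continue
        name, value = line.split(b":", 1)
        if not TOKEN.fullmatch(name):
            issues.append(f"whitespace or invalid byte in field name: {name!r}")
        key = name.strip().lower()             # what a lenient parser might see
        if key == b"content-length":
            lengths.append(value.strip())
        elif key == b"transfer-encoding":
            has_te = True
    if len(lengths) > 1:
        issues.append(f"multiple Content-Length headers: {lengths!r}")
    if lengths and has_te:
        issues.append("Content-Length together with Transfer-Encoding")
    return issues


if __name__ == "__main__":
    samples = [("clean", CLEAN), ("dup-cl", DUP_CL),
               ("te-ws", TE_WS), ("no-colon", NO_COLON)]
    for label, sample in samples:
        print(label, framing_issues(sample))
```

A strict front end rejects any request for which this list is non-empty instead of forwarding it to a backend that may parse it differently.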
    
