Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Red Hat OpenStack 15: RHSA-2020:0720-01 Low: python-waitress Security Issue

red hat
Calendar Grey March 5, 2020
Dist Redhat Esm H88
A new version can be found for python-waitress in Red Hat OpenStack Platform 15, assessed with a low severity rating.
An update for python-waitress is now available for Red Hat OpenStack Platform 15 (Stein)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Waitress is a pure Python WSGI server which supports HTTP/1.0 and HTTP/1.1.
Security Fix(es):
* HTTP request smuggling through LF vs CRLF handling (CVE-2019-16785)
* HTTP request smuggling through invalid Transfer-Encoding (CVE-2019-16786)
* HTTP Request Smuggling through Invalid whitespace characters in headers(CVE-2019-16789)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2019-16785 https://access.redhat.com/security/cve/CVE-2019-16786 https://access.redhat.com/security/cve/CVE-2019-16789 https://access.redhat.com/security/updates/classification#low

Package List

Red Hat OpenStack Platform 15.0:
Source: python-waitress-1.4.2-1.el8ost.src.rpm
noarch: python3-waitress-1.4.2-1.el8ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:0720-01
Product: Red Hat OpenStack Platform
Issue date: 2020-03-05

Topic

An update for python-waitress is now available for Red Hat OpenStackPlatform 15 (Stein).Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat OpenStack Platform 15.0 - noarch

Bugs Fixed

1789807 - CVE-2019-16789 waitress: HTTP Request Smuggling through Invalid whitespace characters in headers1791415 - CVE-2019-16786 waitress: HTTP request smuggling through invalid Transfer-Encoding

1791420 - CVE-2019-16785 waitress: HTTP request smuggling through LF vs CRLF handling

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.