Ubuntu alert USN-4532-1 (netty-3.9)
| From: | Emilia Torino <emilia.torino@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-4532-1] Netty vulnerabilities | |
| Date: | Tue, 22 Sep 2020 15:50:55 -0300 | |
| Message-ID: | <e9f64f3c-1409-7152-fd7c-7a9ef31b54ae@canonical.com> |
========================================================================== Ubuntu Security Notice USN-4532-1 September 22, 2020 netty-3.9 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Netty. Software Description: - netty-3.9: Asynchronous event-driven network application framework Details: It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header with whitespace before the colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. (CVE-2019-16869) It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header that lacks a colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. (CVE-2019-20444) It was discovered that Netty incorrectly handled certain HTTP headers. By sending a Content-Length header accompanied by a second Content-Length header, or by a Transfer-Encoding header, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. (CVE-2019-20445) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libnetty-3.9-java 3.9.9.Final-1+deb9u1build0.18.04.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4532-1 CVE-2019-16869, CVE-2019-20444, CVE-2019-20445 Package Information: https://launchpad.net/ubuntu/+source/netty-3.9/3.9.9.Fina... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...