Ubuntu alert USN-4600-2 (netty)
| From: | Paulo Flabiano Smorigo <pfsmorigo@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-4600-2] Netty vulnerabilities | |
| Date: | Tue, 27 Oct 2020 15:36:03 -0300 | |
| Message-ID: | <20201027183603.3a3qcmnsxyh33j3m@morty> |
========================================================================== Ubuntu Security Notice USN-4600-2 October 27, 2020 netty vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: netty could be made to crash or run programs if it received specially crafted network traffic. Software Description: - netty: None Details: USN-4600-1 fixed multiple vunerabilities in Netty 3.9. This update provides the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty. Also it was discovered that Netty allow for unbounded memory allocation. A remote attacker could send a large stream to the Netty server causing it to crash (denial of service). (CVE-2020-11612) Original advisory details: It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could used it to extract sensitive information. (CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libnetty-java 1:4.1.7-4ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4600-2 https://usn.ubuntu.com/4600-1 CVE-2019-20444, CVE-2019-20445, CVE-2020-11612 Package Information: https://launchpad.net/ubuntu/+source/netty/1:4.1.7-4ubunt... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...