You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa netty-3.9

Sigurnosni nedostaci programskog paketa netty-3.9

==========================================================================
Ubuntu Security Notice USN-4532-1
September 22, 2020

netty-3.9 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Netty.

Software Description:
– netty-3.9: Asynchronous event-driven network application framework

Details:

It was discovered that Netty incorrectly handled certain HTTP headers.
By sending an HTTP header with whitespace before the colon, a remote
attacker could possibly use this issue to perform an HTTP request
smuggling attack. (CVE-2019-16869)

It was discovered that Netty incorrectly handled certain HTTP headers.
By sending an HTTP header that lacks a colon, a remote attacker could
possibly use this issue to perform an HTTP request smuggling attack.
(CVE-2019-20444)

It was discovered that Netty incorrectly handled certain HTTP headers.
By sending a Content-Length header accompanied by a second
Content-Length header, or by a Transfer-Encoding header, a remote
attacker could possibly use this issue to perform an HTTP request
smuggling attack. (CVE-2019-20445)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libnetty-3.9-java 3.9.9.Final-1+deb9u1build0.18.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4532-1
CVE-2019-16869, CVE-2019-20444, CVE-2019-20445

Package Information:

https://launchpad.net/ubuntu/+source/netty-3.9/3.9.9.Final-1+deb9u1build0.18.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEE7MowLJorxPNkyBZZW+PTAFZKyRgFAl9qR48ACgkQW+PTAFZK
yRhG+Q/+KQayhzLLF06FH5aa5+OB5EUFANNkhuPynHMYqNoYTQFXUi312frfjXe6
zj/m+dIpYWwzy/3aCL4rKO0Wek9lFTg7nN7B/jkj0GVUPCvfR3ky1BMrelClL5Zp
sjBLYwIfGWVOlY70QO/ZjLwOeMGMjhHVCCD2HpDD3XHyVZ5LPIfsqOV4QXPhwjzj
hofVxnLaLS00wqsieiQq7tDLi1B0eyJBc5CZqrvUU9fk9hx+6Ll7yFsukhT4UTv2
GhPXnV23k0nCugUMQ7951F1coutTSTW2Rx2118+shmfhFS9R/ykrflMX2ob3+p8h
SsqS7EGq6MM5PZ5tpYw6E6Aj7wQnFziiV2cAx7ujg7LM2Gl/n1oipfJyhQS31+sY
+HafDAWu8oApWNjPC8M9YmQRcjl0Gx/dzPMb3BJmXihyfkBzwyDAk/DXw/vqL0cS
NDbWEuej7t7Z4cZzeKUkOfnsezNXTF0/UhcRp55/X6m7hEyhRE5aKHhKOPiWjGoO
t3tUrehXKGkhOXUgkfwzHd65iHMSUC2ZF4Z4URJCSKA2gEwJgLhJ4RywIzjvwIJM
mywkeEl++C9wGzIFUXXQqRAn9b7XjEqnZt+57WxBqDfbGoxs3u0CVH3z8N7k/CdR
350KCTJLnPV4cWqQ/0uVpWnNfTx1JKpC7xXyFXw4ynnQ9zmzRUY=
=NxHH
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa debian-lan-config

Otkriven je sigurnosni nedostatak u programskom paketu debian-lan-config za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje stjecanje uvećanih ovlasti....

Close