Bug 1078298 (CVE-2016-10711)

Summary:	VUL-1: CVE-2016-10711 Pound: request smuggling via crafted headers
Product:	[openSUSE] openSUSE Distribution	Reporter:	Karol Babioch <karol>
Component:	Security	Assignee:	Security Team bot <security-team>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Minor
Priority:	P5 - None
Version:	Leap 42.3
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/199137/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Karol Babioch 2018-01-30 13:29:15 UTC

Apsis Pound before 2.8a allows request smuggling via crafted headers, a
different vulnerability than CVE-2005-3751.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1540187
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10711
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10711.html
http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000

Comment 1 Swamp Workflow Management 2018-01-30 15:00:08 UTC

This is an autogenerated message for OBS integration:
This bug (1078298) was mentioned in
https://build.opensuse.org/request/show/571084 42.3 / pound

Comment 2 Karol Babioch 2018-01-30 15:16:23 UTC

https://build.opensuse.org/request/show/571084
https://build.opensuse.org/request/show/571048

Comment 3 Swamp Workflow Management 2018-01-31 14:40:21 UTC

This is an autogenerated message for OBS integration:
This bug (1078298) was mentioned in
https://build.opensuse.org/request/show/571411 Factory / pound

Comment 4 Swamp Workflow Management 2018-02-08 11:09:04 UTC

openSUSE-SU-2018:0394-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1078298
CVE References: CVE-2016-10711
Sources used:
openSUSE Leap 42.3 (src):    pound-2.7-8.1