Bugzilla – Full Text Bug Listing
| Summary: | VUL-0: CVE-2019-16869: netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Alexander Bergmann <abergmann> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P3 - Medium | CC: | gabriele.sonnu, moio, security-team, smash_bz, wolfgang.frisch |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| URL: | https://smash.suse.de/issue/243415/ | | |
| See Also: | https://bugzilla.suse.com/show_bug.cgi?id=1161984 | | |
| Whiteboard: | CVSSv3:SUSE:CVE-2019-16869:6.3:(AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) maint:planned:update | | |
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |

Description
Alexander Bergmann
2019-09-27 08:57:17 UTC
Same considerations in https://bugzilla.suse.com/show_bug.cgi?id=1145663#c1 apply here

I'd like to draw your attention to CVE-2020-7238 [1], a bug that was introduced upstream by the fix for this bug, CVE-2019-16869.

[1] https://bugzilla.suse.com/show_bug.cgi?id=1161984

I submitted requests to update our netty package to 4.1.14 which fixes this vulnerability, and Uyuni patches to adapt to the new version.

https://github.com/uyuni-project/uyuni/pull/1877
https://build.opensuse.org/request/show/772129
https://build.opensuse.org/request/show/772127
https://build.suse.de/request/show/210975
https://build.suse.de/request/show/210973
https://build.suse.de/request/show/210972
https://build.suse.de/request/show/210970

This fix will be part of the next SUSE Manager major version, 4.1, as well. Can this bug just be closed to RESOLVED?

Process is to reassign to security-team.

Done.