Bugzilla – Bug 1152251
VUL-0: CVE-2019-16869: netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers
Last modified: 2022-04-14 12:51:28 UTC
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers
(such as a "Transfer-Encoding : chunked" line), which leads to HTTP request
Same considerations in https://bugzilla.suse.com/show_bug.cgi?id=1145663#c1 apply here
I'd like to draw your attention to CVE-2020-7238 , a bug that was introduced upstream by the fix for this bug, CVE-2019-16869.
I submitted requests to update our netty package to 4.1.14 which fixes this vulnerability, and Uyuni patches to adapt to the new version.
This fix will be part of the next SUSE Manager major version, 4.1, as well.
Can this bug just be closed to RESOLVED?
process is to reassign to security-team