[Bug 1719748] New: jetty-9.4.19.v20190610 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1719748
Bug ID: 1719748
Summary: jetty-9.4.19.v20190610 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: jetty
Keywords: FutureFeature, Triaged
Assignee: mat.booth(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, krzysztof.daniel(a)gmail.com,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com,
sochotni(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 9.4.19.v20190610
Current version/release in rawhide: 9.4.18-2.v20190429.fc31
URL: http://www.eclipse.org/jetty
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/1447/
--
You are receiving this mail because:
You are on the CC list for the bug.
1 year, 6 months
[Bug 1945712] New: CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1945712
Bug ID: 1945712
Summary: CVE-2021-28164 jetty: Ambiguous paths can access
WEB-INF
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: aileenc(a)redhat.com, akoufoud(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
anstephe(a)redhat.com, ataylor(a)redhat.com,
bibryam(a)redhat.com, bmontgom(a)redhat.com,
chazlett(a)redhat.com, dbecker(a)redhat.com,
drieden(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
eparis(a)redhat.com, eric.wittmann(a)redhat.com,
etirelli(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, hbraun(a)redhat.com,
ibek(a)redhat.com, janstey(a)redhat.com,
java-maint(a)redhat.com, jburrell(a)redhat.com,
jjohnstn(a)redhat.com, jjoyce(a)redhat.com,
jochrist(a)redhat.com, jokerman(a)redhat.com,
jross(a)redhat.com, jschluet(a)redhat.com,
jstastny(a)redhat.com, jwon(a)redhat.com,
krathod(a)redhat.com, krzysztof.daniel(a)gmail.com,
kverlaen(a)redhat.com, lhh(a)redhat.com, lpeer(a)redhat.com,
mat.booth(a)gmail.com, mburns(a)redhat.com,
mizdebsk(a)redhat.com, mkolesni(a)redhat.com,
mnovotny(a)redhat.com, nstielau(a)redhat.com,
pantinor(a)redhat.com, pjindal(a)redhat.com,
rrajasek(a)redhat.com, sclewis(a)redhat.com,
scohen(a)redhat.com, slinaber(a)redhat.com,
sochotni(a)redhat.com, sponnaga(a)redhat.com,
swoodman(a)redhat.com, tzimanyi(a)redhat.com
Target Milestone: ---
Classification: Other
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance
mode allows requests with URIs that contain %2e or %2e%2e segments to access
protected resources within the WEB-INF directory. For example a request to
/context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal
sensitive information regarding the implementation of a web application.
References:
https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8w...
--
You are receiving this mail because:
You are on the CC list for the bug.
1 year, 7 months
[Bug 1945714] New: CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1945714
Bug ID: 1945714
Summary: CVE-2021-28165 jetty: Resource exhaustion when
receiving an invalid large TLS frame
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: aileenc(a)redhat.com, akoufoud(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
anstephe(a)redhat.com, ataylor(a)redhat.com,
bibryam(a)redhat.com, bmontgom(a)redhat.com,
chazlett(a)redhat.com, dbecker(a)redhat.com,
drieden(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
eparis(a)redhat.com, eric.wittmann(a)redhat.com,
etirelli(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, hbraun(a)redhat.com,
ibek(a)redhat.com, janstey(a)redhat.com,
java-maint(a)redhat.com, jburrell(a)redhat.com,
jjohnstn(a)redhat.com, jjoyce(a)redhat.com,
jochrist(a)redhat.com, jokerman(a)redhat.com,
jross(a)redhat.com, jschluet(a)redhat.com,
jstastny(a)redhat.com, jwon(a)redhat.com,
krathod(a)redhat.com, krzysztof.daniel(a)gmail.com,
kverlaen(a)redhat.com, lhh(a)redhat.com, lpeer(a)redhat.com,
mat.booth(a)gmail.com, mburns(a)redhat.com,
mizdebsk(a)redhat.com, mkolesni(a)redhat.com,
mnovotny(a)redhat.com, nstielau(a)redhat.com,
pantinor(a)redhat.com, pjindal(a)redhat.com,
rrajasek(a)redhat.com, sclewis(a)redhat.com,
scohen(a)redhat.com, slinaber(a)redhat.com,
sochotni(a)redhat.com, sponnaga(a)redhat.com,
swoodman(a)redhat.com, tzimanyi(a)redhat.com
Target Milestone: ---
Classification: Other
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to
11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
References:
https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j...
--
You are receiving this mail because:
You are on the CC list for the bug.
1 year, 7 months
[Bug 1945710] New: CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1945710
Bug ID: 1945710
Summary: CVE-2021-28163 jetty: Symlink directory exposes webapp
directory contents
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: aileenc(a)redhat.com, akoufoud(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
anstephe(a)redhat.com, ataylor(a)redhat.com,
bibryam(a)redhat.com, bmontgom(a)redhat.com,
chazlett(a)redhat.com, dbecker(a)redhat.com,
drieden(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
eparis(a)redhat.com, eric.wittmann(a)redhat.com,
etirelli(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, hbraun(a)redhat.com,
ibek(a)redhat.com, janstey(a)redhat.com,
java-maint(a)redhat.com, jburrell(a)redhat.com,
jjohnstn(a)redhat.com, jjoyce(a)redhat.com,
jochrist(a)redhat.com, jokerman(a)redhat.com,
jross(a)redhat.com, jschluet(a)redhat.com,
jstastny(a)redhat.com, jwon(a)redhat.com,
krathod(a)redhat.com, krzysztof.daniel(a)gmail.com,
kverlaen(a)redhat.com, lhh(a)redhat.com, lpeer(a)redhat.com,
mat.booth(a)gmail.com, mburns(a)redhat.com,
mizdebsk(a)redhat.com, mkolesni(a)redhat.com,
mnovotny(a)redhat.com, nstielau(a)redhat.com,
pantinor(a)redhat.com, pjindal(a)redhat.com,
rrajasek(a)redhat.com, sclewis(a)redhat.com,
scohen(a)redhat.com, slinaber(a)redhat.com,
sochotni(a)redhat.com, sponnaga(a)redhat.com,
swoodman(a)redhat.com, tzimanyi(a)redhat.com
Target Milestone: ---
Classification: Other
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to
11.0.1, if a user uses a webapps directory that is a symlink, the contents of
the webapps directory is deployed as a static webapp, inadvertently serving the
webapps themselves and anything else that might be in that directory.
References:
https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j8...
--
You are receiving this mail because:
You are on the CC list for the bug.
1 year, 7 months
[Bug 1934116] New: CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1934116
Bug ID: 1934116
Summary: CVE-2020-27223 jetty: request containing multiple
Accept headers with a large number of "quality"
parameters may lead to DoS
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: abenaiss(a)redhat.com, aboyko(a)redhat.com,
aileenc(a)redhat.com, akoufoud(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
anstephe(a)redhat.com, aos-bugs(a)redhat.com,
ataylor(a)redhat.com, bibryam(a)redhat.com,
bmontgom(a)redhat.com, chazlett(a)redhat.com,
drieden(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
eparis(a)redhat.com, etirelli(a)redhat.com,
ganandan(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, gvarsami(a)redhat.com,
hbraun(a)redhat.com, ibek(a)redhat.com,
janstey(a)redhat.com, java-maint(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcoleman(a)redhat.com,
jjohnstn(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, krzysztof.daniel(a)gmail.com,
kverlaen(a)redhat.com, ldimaggi(a)redhat.com,
mat.booth(a)redhat.com, mcermak(a)redhat.com,
mizdebsk(a)redhat.com, mnovotny(a)redhat.com,
mprchlik(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, pantinor(a)redhat.com,
patrickm(a)redhat.com, pbhattac(a)redhat.com,
pdrozd(a)redhat.com, pjindal(a)redhat.com,
rrajasek(a)redhat.com, rsynek(a)redhat.com,
rwagner(a)redhat.com, sdaley(a)redhat.com,
sd-operator-metering(a)redhat.com, sochotni(a)redhat.com,
sponnaga(a)redhat.com, sthorger(a)redhat.com,
tcunning(a)redhat.com, tflannag(a)redhat.com,
tkirby(a)redhat.com, vbobade(a)redhat.com,
vkadlcik(a)redhat.com
Target Milestone: ---
Classification: Other
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and
11.0.0 when Jetty handles a request containing multiple Accept headers with a
large number of “quality” (i.e. q) parameters, the server may enter a denial of
service (DoS) state due to high CPU usage processing those quality values,
resulting in minutes of CPU time exhausted processing those quality values.
References:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128
https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8r...
--
You are receiving this mail because:
You are on the CC list for the bug.
1 year, 7 months
[Bug 1944888] New: CVE-2021-21409 netty: Request smuggling via content-length header
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1944888
Bug ID: 1944888
Summary: CVE-2021-21409 netty: Request smuggling via
content-length header
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: aboyko(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, akurtako(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
andjrobins(a)gmail.com, anstephe(a)redhat.com,
aos-bugs(a)redhat.com, asoldano(a)redhat.com,
atangrin(a)redhat.com, ataylor(a)redhat.com,
avibelli(a)redhat.com, bbaranow(a)redhat.com,
bbuckingham(a)redhat.com, bcourt(a)redhat.com,
bgeorges(a)redhat.com, bkearney(a)redhat.com,
bmaxwell(a)redhat.com, bmontgom(a)redhat.com,
brian.stansberry(a)redhat.com, btotty(a)redhat.com,
cdewolf(a)redhat.com, chazlett(a)redhat.com,
clement.escoffier(a)redhat.com, dandread(a)redhat.com,
darran.lofthouse(a)redhat.com, dbecker(a)redhat.com,
dbhole(a)redhat.com, dkreling(a)redhat.com,
dosoudil(a)redhat.com, drieden(a)redhat.com,
ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
eleandro(a)redhat.com, eparis(a)redhat.com,
etirelli(a)redhat.com, extras-orphan(a)fedoraproject.org,
fjuma(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, gsmet(a)redhat.com,
hamadhan(a)redhat.com, hhudgeon(a)redhat.com,
ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcantril(a)redhat.com,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
jjoyce(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jpallich(a)redhat.com,
jperkins(a)redhat.com, jross(a)redhat.com,
jschluet(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kaycoth(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
kwills(a)redhat.com, lef(a)fedoraproject.org,
lgao(a)redhat.com, lhh(a)redhat.com, loleary(a)redhat.com,
lpeer(a)redhat.com, lthon(a)redhat.com, lzap(a)redhat.com,
mat.booth(a)gmail.com, mburns(a)redhat.com,
mkolesni(a)redhat.com, mmccune(a)redhat.com,
mnovotny(a)redhat.com, msochure(a)redhat.com,
msvehla(a)redhat.com, mszynkie(a)redhat.com,
nmoumoul(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, pcreech(a)redhat.com,
pdrozd(a)redhat.com, peholase(a)redhat.com,
pgallagh(a)redhat.com, pjindal(a)redhat.com,
pmackay(a)redhat.com, probinso(a)redhat.com,
rchan(a)redhat.com, rgodfrey(a)redhat.com,
rgrunber(a)redhat.com, rguimara(a)redhat.com,
rjerrido(a)redhat.com, rrajasek(a)redhat.com,
rruss(a)redhat.com, rstancel(a)redhat.com,
rsvoboda(a)redhat.com, rsynek(a)redhat.com,
sbiarozk(a)redhat.com, sclewis(a)redhat.com,
scohen(a)redhat.com, sdaley(a)redhat.com,
sd-operator-metering(a)redhat.com, sdouglas(a)redhat.com,
slinaber(a)redhat.com, smaestri(a)redhat.com,
sochotni(a)redhat.com, sokeeffe(a)redhat.com,
spinder(a)redhat.com, sponnaga(a)redhat.com,
sthorger(a)redhat.com, swoodman(a)redhat.com,
tbrisker(a)redhat.com, tflannag(a)redhat.com,
theute(a)redhat.com, tom.jenkinson(a)redhat.com,
yborgess(a)redhat.com
Target Milestone: ---
Classification: Other
Netty is an open-source, asynchronous event-driven network application
framework for rapid development of maintainable high performance protocol
servers & clients. In Netty (io.netty:netty-codec-http2) before version
4.1.61.Final there is a vulnerability that enables request smuggling. The
content-length header is not correctly validated if the request only uses a
single Http2HeaderFrame with the endStream set to to true. This could lead to
request smuggling if the request is proxied to a remote peer and translated to
HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did
miss to fix this one case. This was fixed as part of 4.1.61.Final.
References:
https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38d...
https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32
https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
--
You are receiving this mail because:
You are on the CC list for the bug.
1 year, 9 months
[Bug 1937364] New: CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1937364
Bug ID: 1937364
Summary: CVE-2021-21295 netty: possible request smuggling in
HTTP/2 due missing validation
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: aboyko(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, akurtako(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
andjrobins(a)gmail.com, anstephe(a)redhat.com,
aos-bugs(a)redhat.com, asoldano(a)redhat.com,
atangrin(a)redhat.com, ataylor(a)redhat.com,
avibelli(a)redhat.com, bbaranow(a)redhat.com,
bbuckingham(a)redhat.com, bcourt(a)redhat.com,
bgeorges(a)redhat.com, bkearney(a)redhat.com,
bmaxwell(a)redhat.com, bmontgom(a)redhat.com,
brian.stansberry(a)redhat.com, btotty(a)redhat.com,
cdewolf(a)redhat.com, chazlett(a)redhat.com,
clement.escoffier(a)redhat.com, dandread(a)redhat.com,
darran.lofthouse(a)redhat.com, dbecker(a)redhat.com,
dbhole(a)redhat.com, decathorpe(a)gmail.com,
dkreling(a)redhat.com, dosoudil(a)redhat.com,
drieden(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
eleandro(a)redhat.com, eparis(a)redhat.com,
etirelli(a)redhat.com, extras-orphan(a)fedoraproject.org,
fjuma(a)redhat.com, ganandan(a)redhat.com,
ggaughan(a)redhat.com, gmalinko(a)redhat.com,
gsmet(a)redhat.com, hamadhan(a)redhat.com,
hhudgeon(a)redhat.com, ibek(a)redhat.com,
iweiss(a)redhat.com, janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcantril(a)redhat.com,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
jjoyce(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jpallich(a)redhat.com,
jperkins(a)redhat.com, jross(a)redhat.com,
jschluet(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kaycoth(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
kwills(a)redhat.com, lef(a)fedoraproject.org,
lgao(a)redhat.com, lhh(a)redhat.com, loleary(a)redhat.com,
lpeer(a)redhat.com, lthon(a)redhat.com, lzap(a)redhat.com,
mat.booth(a)redhat.com, mburns(a)redhat.com,
mkolesni(a)redhat.com, mmccune(a)redhat.com,
mnovotny(a)redhat.com, msochure(a)redhat.com,
msvehla(a)redhat.com, mszynkie(a)redhat.com,
nmoumoul(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, pcreech(a)redhat.com,
pdrozd(a)redhat.com, peholase(a)redhat.com,
pgallagh(a)redhat.com, pjindal(a)redhat.com,
pmackay(a)redhat.com, probinso(a)redhat.com,
rchan(a)redhat.com, rgodfrey(a)redhat.com,
rgrunber(a)redhat.com, rguimara(a)redhat.com,
rjerrido(a)redhat.com, rrajasek(a)redhat.com,
rruss(a)redhat.com, rstancel(a)redhat.com,
rsvoboda(a)redhat.com, rsynek(a)redhat.com,
sbiarozk(a)redhat.com, sclewis(a)redhat.com,
scohen(a)redhat.com, sdaley(a)redhat.com,
sd-operator-metering(a)redhat.com, sdouglas(a)redhat.com,
slinaber(a)redhat.com, smaestri(a)redhat.com,
sochotni(a)redhat.com, sokeeffe(a)redhat.com,
spinder(a)redhat.com, sponnaga(a)redhat.com,
sthorger(a)redhat.com, swoodman(a)redhat.com,
tbrisker(a)redhat.com, tflannag(a)redhat.com,
theute(a)redhat.com, tom.jenkinson(a)redhat.com,
yborgess(a)redhat.com
Target Milestone: ---
Classification: Other
Netty is an open-source, asynchronous event-driven network application
framework for rapid development of maintainable high performance protocol
servers & clients. In Netty (io.netty:netty-codec-http2) before version
4.1.60.Final there is a vulnerability that enables request smuggling. If a
Content-Length header is present in the original HTTP/2 request, the field is
not validated by `Http2MultiplexHandler` as it is propagated up. This is fine
as long as the request is not proxied through as HTTP/1.1. If the request comes
in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects
(`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec
`and then sent up to the child channel's pipeline and proxied through a remote
peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users
may assume the content-length is validated somehow, which is not the case. If
the request is forwarded to a backend channel that is a HTTP/1.1 connection,
the Content-Length now has meaning and needs to be checked. An attacker can
smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1.
For an example attack refer to the linked GitHub Advisory. Users are only
affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is
used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1
objects, and these HTTP/1.1 objects are forwarded to another remote peer. This
has been patched in 4.1.60.Final As a workaround, the user can do the
validation by themselves by implementing a custom `ChannelInboundHandler` that
is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
Reference:
https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
Upstream patch:
https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2f...
--
You are receiving this mail because:
You are on the CC list for the bug.
1 year, 9 months
[Bug 1902826] New: CVE-2020-27218 jetty: buffer not correctly recycled in Gzip Request inflation
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1902826
Bug ID: 1902826
Summary: CVE-2020-27218 jetty: buffer not correctly recycled in
Gzip Request inflation
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: abenaiss(a)redhat.com, aboyko(a)redhat.com,
aileenc(a)redhat.com, akoufoud(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
anstephe(a)redhat.com, aos-bugs(a)redhat.com,
ataylor(a)redhat.com, bmontgom(a)redhat.com,
btofel(a)redhat.com, chazlett(a)redhat.com,
drieden(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
eparis(a)redhat.com, etirelli(a)redhat.com,
ganandan(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, gvarsami(a)redhat.com,
ibek(a)redhat.com, janstey(a)redhat.com,
java-maint(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcoleman(a)redhat.com,
jjohnstn(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, krzysztof.daniel(a)gmail.com,
kverlaen(a)redhat.com, ldimaggi(a)redhat.com,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com,
mnovotny(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, pbhattac(a)redhat.com,
pdrozd(a)redhat.com, pjindal(a)redhat.com,
rrajasek(a)redhat.com, rsynek(a)redhat.com,
rwagner(a)redhat.com, sdaley(a)redhat.com,
sd-operator-metering(a)redhat.com, sochotni(a)redhat.com,
sponnaga(a)redhat.com, sthorger(a)redhat.com,
tcunning(a)redhat.com, tkirby(a)redhat.com,
vbobade(a)redhat.com
Target Milestone: ---
Classification: Other
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to
10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation
is enabled and requests from different clients are multiplexed onto a single
connection, and if an attacker can send a request with a body that is received
entirely but not consumed by the application, then a subsequent request on the
same connection will see that body prepended to its body. The attacker will not
see any data but may inject data into the body of the subsequent request.
References:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rr...
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years
[Bug 1933816] New: CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1933816
Bug ID: 1933816
Summary: CVE-2020-11988 xmlgraphics-commons: SSRF due to
improper input validation by the XMPParser
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: aileenc(a)redhat.com, akoufoud(a)redhat.com,
akurtako(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, andjrobins(a)gmail.com,
anstephe(a)redhat.com, bibryam(a)redhat.com,
chazlett(a)redhat.com, dbhole(a)redhat.com,
drieden(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
etirelli(a)redhat.com, ganandan(a)redhat.com,
ggaughan(a)redhat.com, gmalinko(a)redhat.com,
hbraun(a)redhat.com, ibek(a)redhat.com,
janstey(a)redhat.com, java-maint(a)redhat.com,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
jkang(a)redhat.com, jochrist(a)redhat.com,
jstastny(a)redhat.com, jwon(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
mcermak(a)redhat.com, mizdebsk(a)redhat.com,
mnovotny(a)redhat.com, mprchlik(a)redhat.com,
pantinor(a)redhat.com, patrickm(a)redhat.com,
pjindal(a)redhat.com, rgrunber(a)redhat.com,
rlandman(a)redhat.com, rrajasek(a)redhat.com,
rsynek(a)redhat.com, sdaley(a)redhat.com,
vkadlcik(a)redhat.com
Target Milestone: ---
Classification: Other
Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery,
caused by improper input validation by the XMPParser. By using a
specially-crafted argument, an attacker could exploit this vulnerability to
cause the underlying server to make arbitrary GET requests.
References:
https://xmlgraphics.apache.org/security.html
https://www.openwall.com/lists/oss-security/2021/02/24/1
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 4 months
[Bug 1933808] New: CVE-2020-11987 batik: SSRF due to improper input validation by the NodePickerPanel
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1933808
Bug ID: 1933808
Summary: CVE-2020-11987 batik: SSRF due to improper input
validation by the NodePickerPanel
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: aileenc(a)redhat.com, akurtako(a)redhat.com,
andjrobins(a)gmail.com, chazlett(a)redhat.com,
dbhole(a)redhat.com, drieden(a)redhat.com,
ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
ggaughan(a)redhat.com, gmalinko(a)redhat.com,
janstey(a)redhat.com, java-maint(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
jkang(a)redhat.com, jochrist(a)redhat.com,
jvanek(a)redhat.com, jwon(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
mizdebsk(a)redhat.com, rgrunber(a)redhat.com
Target Milestone: ---
Classification: Other
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by
improper input validation by the NodePickerPanel. By using a specially-crafted
argument, an attacker could exploit this vulnerability to cause the underlying
server to make arbitrary GET requests.
References:
https://xmlgraphics.apache.org/security.html
https://www.openwall.com/lists/oss-security/2021/02/24/2
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 4 months