==========================================================================
Ubuntu Security Notice USN-4600-2
October 27, 2020
netty vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
Summary:
netty could be made to crash or run programs if it received
specially crafted network traffic.
Software Description:
– netty: None
Details:
USN-4600-1 fixed multiple vunerabilities in Netty 3.9. This update provides
the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty.
Also it was discovered that Netty allow for unbounded memory allocation. A
remote attacker could send a large stream to the Netty server causing it to
crash (denial of service). (CVE-2020-11612)
Original advisory details:
It was discovered that Netty had HTTP request smuggling vulnerabilities. A
remote attacker could used it to extract sensitive information. (CVE-2019-16869,
CVE-2019-20444, CVE-2019-20445, CVE-2020-7238)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
libnetty-java 1:4.1.7-4ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4600-2
https://usn.ubuntu.com/4600-1
CVE-2019-20444, CVE-2019-20445, CVE-2020-11612
Package Information:
https://launchpad.net/ubuntu/+source/netty/1:4.1.7-4ubuntu0.1
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAl+YaIwACgkQbUp5kL3i
zGZSOg/+J6w9wVfnhtTMcQz2VusxFw8rpXvDrSDLxCJlsrbBxwlljqDfeLTRGdg+
PxNVzJeFjgVmuDeFQO1tA1O4/nnBHMxcvHPnUMSAeijl2CiPPr9+IVuquqU2o/4h
T7sb6oIEL1XGhagA+moSh4gkslb/T/ZeW+LtQJ1TFkNdj8DuDN8SiCWEg6x0mWj8
YB5FXvE2tuwUKpWfi01T14asQZoejJGhONQnyNGcOnUch5J2+Zqu50m9dVKcc22E
/tXhqftUQQBzBm4DhGal7DMWAWg7zr86v4NCqSRsHtLjIhz+0n34Kh0ugjF/Z39B
RiO4cD/q6OT/H0sYlvcuphZtaRmVnw7nZdExDOKLhgytY+1ff0tE/Zi+xGFqORhU
oZkcc1J+h/xRLH24kBzqG1SwBoyBqTO7YP6fedQKaErIjE+uux5+Ab2PmliWimTu
2kUAmxgL3mEwyIFq4euoimjZJLAmwmUUtBWOBX7V+9UOAa6BR8YKk7J94IrikMYb
lJn3Em9Ui3wRtSg9FAtH2n3/DvXlroug0iVDk5vbcygx86U9GcKmLHkIYzElGYxg
D+fQhz5S9H0Wdbkrw8ESvX1Vtr7Uk4tR4RKnAAdhsBqGkhWPe1T6MtFbVy/FcE8N
iC/5PiUy1OfO5uZQrXRYxTiwCvMwmf8+xslKzWB2pPCwvM+M2VU=
=Bb/o
—–END PGP SIGNATURE—–
—