===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1144
netty security update
6 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           netty
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service              -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
                   Access Confidential Data       -- Remote/Unauthenticated
                   Reduced Security               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-21409 CVE-2021-21295 CVE-2021-21290
                   CVE-2020-11612 CVE-2020-7238 CVE-2019-20445
                   CVE-2019-20444

Reference:         ESB-2021.1108
                   ESB-2020.4464
                   ESB-2020.3697
                   ESB-2020.3243

Original Bulletin:
   https://lists.debian.org/debian-security-announce/2021/msg00066.html

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4885-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 05, 2021                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : netty
CVE ID         : CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 CVE-2020-11612
                 CVE-2021-21290 CVE-2021-21295 CVE-2021-21409

Multiple security issues were discovered in Netty, a Java NIO
client/server framework, which could result in HTTP request smuggling,
denial of service or information disclosure.

For the stable distribution (buster), these problems have been fixed in
version 1:4.1.33-1+deb10u2.

We recommend that you upgrade your netty packages.

For the detailed security status of netty please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/netty

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================