First published: Tue Oct 27 2020
USN-4600-1 fixed multiple vulnerabilities in Netty 3.9. This update provides the corresponding fixes for CVE-2019-20444 and CVE-2019-20445 for Netty. It was also discovered that Netty allowed unbounded memory allocation. A remote attacker could send a large stream to the Netty server, causing it to crash (denial of service). (CVE-2020-11612)

Original advisory details: It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could use them to extract sensitive information. (CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238)

Affected Software | Affected Version | How to fix |
---|---|---|
All of | | |
ubuntu/libnetty-java | <1:4.1.7-4ubuntu0.1 | 1:4.1.7-4ubuntu0.1 |
 | =18.04 | |
USN-4600-2 addresses the CVE-2019-20444 and CVE-2019-20445 vulnerabilities in Netty.
A remote attacker can exploit the Netty vulnerability by sending a large stream to the Netty server, causing it to crash.
USN-4600-2 affects libnetty-java version 1:4.1.7-4ubuntu0.1.
To fix the Netty vulnerability, update to libnetty-java version 1:4.1.7-4ubuntu0.1.
You can find more information about the Netty vulnerabilities in the USN-4600-2 advisory.