SUSE has issued an advisory today (March 19): http://lists.suse.com/pipermail/sle-security-updates/2020-March/006627.html I believe the issue is fixed upstream in 1.40.0.
Suggested advisory: ======================== The updated packages fix a security vulnerability: An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers. (CVE-2019-18802) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18802 http://lists.suse.com/pipermail/sle-security-updates/2020-March/006627.html ======================== Updated packages in core/updates_testing: ======================== nghttp2-1.38.0-1.2.mga7 lib(64)nghttp2_14-1.38.0-1.2.mga7 lib(64)nghttp2-devel-1.38.0-1.2.mga7 from SRPMS: nghttp2-1.38.0-1.2.mga7.src.rpm
Status: NEW => ASSIGNEDCVE: (none) => CVE-2019-18802Assignee: nicolas.salguero => qa-bugs
CVE description describes envoy, not nghttp2. How about this: Suggested advisory: ======================== Updated nghttp2 packages fix security vulnerability: Malformed request header may cause route matchers or access controls to be bypassed, resulting in escalation of privileges or information disclosure (CVE-2019-18802). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18802 http://lists.suse.com/pipermail/sle-security-updates/2020-March/006627.html
MGA7-64 Plasma on Lenovo B50 No installation issues. Testing as in bug 25424, giving exactly the same results (commands and feedback identical). So OK for me.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Validating. Best advisory is in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0147.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED