A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
Dropped in Cauldron.
As there is no maintainer for this package I added the committers in CC.
(Please set the status to 'assigned' if you are working on it)
Fixed upstream in 2.1.1
Done for mga7!
Updated undertow packages fix security vulnerability:
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the
processing of invalid HTTP requests with large chunk sizes. This flaw allows an
attacker to take advantage of HTTP request smuggling (CVE-2020-10719).
Updated packages in core/updates_testing:
Installed both packages, and updated. No installation issues.
Looked back for another bug for this package, and only found an obscure reference in a bug concerning a different package, which has also been dropped for Mageia 8.
OKing this on a clean install. Validating. Advisory in Comment 4.
Advisory pushed to SVN.
An update for this issue has been pushed to the Mageia Updates repository.