USN-4600-1: Netty vulnerabilities

22 October 2020

Netty could be made to expose sensitive information over the network.

Releases

Packages

  • netty-3.9 - Asynchronous event-driven network application framework

Details

It was discovered that Netty had HTTP request smuggling vulnerabilities. A
remote attacker could used it to extract sensitive information. (CVE-2019-16869,
CVE-2019-20444, CVE-2019-20445, CVE-2020-7238)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

Related notices