FEDORA-2021-9807b754d9 created by sgallagh 2 months ago for Fedora 34
stable

2021-10-12, Version 14.18.1 'Fermium' (LTS), @danielleadams

This is a security release.

Notable changes

  • CVE-2021-22959: HTTP Request Smuggling due to spaces in headers (Medium)
    • The HTTP parser accepts requests with a space (SP) right after the header name, before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
  • CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
    • The parser ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.
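
The two request shapes described above can be flagged in raw request bytes, for example when replaying captured traffic in front of an unpatched backend. This is an added example, not code from Node.js, llhttp or Fedora; the function names, finding labels and sample requests are constructed, and reporting every chunk extension is a policy assumption, since extensions are syntactically legal.

```javascript
// Added example, not Node.js or llhttp code. Names are hypothetical.
// Assumes `raw` was decoded as latin1, so one character equals one byte.
function auditRawRequest(raw) {
  const findings = [];
  const sep = raw.indexOf('\r\n\r\n');
  if (sep === -1) return [{ type: 'incomplete-head' }];
  const headerLines = raw.slice(0, sep).split('\r\n').slice(1); // skip request line
  let chunked = false;
  for (const line of headerLines) {
    const colon = line.indexOf(':');
    if (colon === -1) { findings.push({ type: 'no-colon', line }); continue; }
    const name = line.slice(0, colon);
    if (/[ \t]$/.test(name)) {
      // RFC 7230 section 3.2.4: no whitespace between field name and colon.
      findings.push({ type: 'space-before-colon', line });
    }
    if (name.trim().toLowerCase() === 'transfer-encoding' &&
        /(^|,)\s*chunked\s*$/i.test(line.slice(colon + 1))) chunked = true;
  }
  if (chunked) findings.push(...auditChunks(raw.slice(sep + 4)));
  return findings;
}

// Walk a chunked body; report each chunk-size line that carries an extension.
function auditChunks(body) {
  const findings = [];
  let pos = 0;
  for (;;) {
    const eol = body.indexOf('\r\n', pos);
    if (eol === -1) { findings.push({ type: 'truncated-chunk' }); break; }
    const sizeLine = body.slice(pos, eol);
    const [hex, ...ext] = sizeLine.split(';');
    if (!/^[0-9A-Fa-f]+$/.test(hex)) { findings.push({ type: 'bad-chunk-size', line: sizeLine }); break; }
    if (ext.length) findings.push({ type: 'chunk-extension', line: sizeLine });
    const size = parseInt(hex, 16);
    if (size === 0) break;
    pos = eol + 2 + size + 2; // size-line CRLF, chunk data, data CRLF
  }
  return findings;
}

// Constructed sample requests (not captured traffic).
const HEAD = 'POST /upload HTTP/1.1\r\nHost: example.test\r\n';
const SAMPLES = {
  clean: HEAD + 'Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n',
  spaced: HEAD + 'X-Example : 1\r\n\r\n',
  extension: HEAD + 'Transfer-Encoding: chunked\r\n\r\n5;note=1\r\nhello\r\n0\r\n\r\n',
};
```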

How to install

sudo dnf upgrade --advisory=FEDORA-2021-9807b754d9

This update has been submitted for testing by sgallagh.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update has been pushed to testing.

2 months ago

This update has been submitted for stable by bodhi.

a month ago

This update has been pushed to stable.

a month ago

Metadata
Type: security
Severity: low
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -1
Stable by Karma: 2
Stable by Time: 7 days
Dates
submitted: 2 months ago
in testing: 2 months ago
in stable: a month ago

BZ#2014059 CVE-2021-22960 llhttp: HTTP Request Smuggling when parsing the body
BZ#2014066 CVE-2021-22960 nodejs: llhttp: HTTP Request Smuggling when parsing the body [fedora-all]
BZ#2014113 CVE-2021-22960 nodejs:14/nodejs: llhttp: HTTP Request Smuggling when parsing the body [fedora-all]
BZ#2014117 CVE-2021-22959 nodejs: llhttp: HTTP Request Smuggling due to spaced in headers [fedora-all]
BZ#2014121 CVE-2021-22959 nodejs:14/nodejs: llhttp: HTTP Request Smuggling due to spaced in headers [fedora-all]
