FEDORA-2021-9818cabe0d created by sgallagh 2 months ago for Fedora 35
stable

2021-10-12, Version 16.11.1 (Current), @danielleadams

This is a security release.

Notable changes

  • CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
      • The HTTP parser accepts requests with a space (SP) right after the header name, before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
  • CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
      • The parser ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.
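
The two parsing rules named above can be checked offline against captured request text. This is an added example, not code from Node.js, llhttp or this advisory: the function names auditRequestHead and auditChunkedBody and the sample request are constructed for illustration, and input is assumed to be ASCII so string offsets equal byte offsets.

```javascript
// Added example (not from Node.js or llhttp). Inputs are assumed to be ASCII strings.
// RFC 7230: a field-name is a "token" and no whitespace may precede the colon.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Flags header lines whose field-name is malformed or followed by SP/HTAB.
function auditRequestHead(raw) {
  const end = raw.indexOf('\r\n\r\n');
  const lines = (end === -1 ? raw : raw.slice(0, end)).split('\r\n');
  const findings = [];
  lines.slice(1).forEach((line, i) => {          // skip the request line
    const colon = line.indexOf(':');
    const name = colon === -1 ? line : line.slice(0, colon);
    if (colon === -1) findings.push({ line: i + 2, issue: 'no-colon' });
    else if (/[ \t]+$/.test(name)) findings.push({ line: i + 2, issue: 'whitespace-before-colon', name: name.trim() });
    else if (!TOKEN.test(name)) findings.push({ line: i + 2, issue: 'invalid-field-name' });
  });
  return findings;
}

// Walks a chunked body and reports chunk-size lines that carry extensions,
// so a reviewer can see input that a lenient parser would have skipped over.
function auditChunkedBody(body) {
  const findings = [];
  let pos = 0;
  for (;;) {
    const eol = body.indexOf('\r\n', pos);
    if (eol === -1) { findings.push({ issue: 'truncated', offset: pos }); break; }
    const sizeLine = body.slice(pos, eol);
    const semi = sizeLine.indexOf(';');
    const hex = semi === -1 ? sizeLine : sizeLine.slice(0, semi);
    if (!/^[0-9A-Fa-f]+$/.test(hex)) { findings.push({ issue: 'bad-chunk-size', offset: pos }); break; }
    if (semi !== -1) findings.push({ issue: 'chunk-extension', offset: pos, ext: sizeLine.slice(semi + 1) });
    const size = parseInt(hex, 16);
    if (size === 0) break;                        // last-chunk reached
    pos = eol + 2 + size;
    if (body.slice(pos, pos + 2) !== '\r\n') { findings.push({ issue: 'missing-chunk-crlf', offset: pos }); break; }
    pos += 2;
  }
  return findings;
}

// Constructed sample input, not taken from any real capture.
const SAMPLE_HEAD = 'POST /upload HTTP/1.1\r\nHost: example.test\r\nX-Trace-Id : abc\r\n\r\n';
const SAMPLE_BODY = '5;note=1\r\nhello\r\n0\r\n\r\n';
console.log(auditRequestHead(SAMPLE_HEAD), auditChunkedBody(SAMPLE_BODY));
```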

2021-10-08, Version 16.11.0 (Current), @danielleadams

Notable Changes

  • crypto
      • update root certificates (Richard Lau) #40280
  • deps
      • upgrade npm to 8.0.0 (npm team) #40369
      • update nghttp2 to v1.45.1 (thunder-coding) #40206
      • update V8 to 9.4.146.19 (Michaël Zasso) #40285
  • tools
      • update certdata.txt (Richard Lau) #40280

How to install

sudo dnf upgrade --advisory=FEDORA-2021-9818cabe0d

This update has been submitted for testing by sgallagh.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

sgallagh edited this update.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update has been pushed to testing.

2 months ago

jayden provided feedback 2 months ago

This update has been submitted for stable by bodhi.

a month ago

This update has been pushed to stable.

a month ago


Metadata
Type: security
Severity: medium
Karma: 1
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -1
Stable by Karma: 2
Stable by Time: 7 days
Dates
submitted: 2 months ago
in testing: 2 months ago
in stable: a month ago
modified: 2 months ago

BZ#2012396 nodejs-16.11.1 is available
BZ#2014057 CVE-2021-22959 llhttp: HTTP Request Smuggling due to spaced in headers
BZ#2014059 CVE-2021-22960 llhttp: HTTP Request Smuggling when parsing the body
BZ#2014066 CVE-2021-22960 nodejs: llhttp: HTTP Request Smuggling when parsing the body [fedora-all]
BZ#2014115 CVE-2021-22960 nodejs:16/nodejs: llhttp: HTTP Request Smuggling when parsing the body [fedora-all]
BZ#2014123 CVE-2021-22959 nodejs:16/nodejs: llhttp: HTTP Request Smuggling due to spaced in headers [fedora-all]
