SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-3269

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-3269

Security update for python-waitress

Type: security

Severity: moderate

Issued: 2020-11-10

Description:

This update for python-waitress to 1.4.3 fixes the following security issues:

- CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088).
- CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089).
- CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790).
- CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670).

References

CVE: CVE-2019-16792
CVE: CVE-2019-16789
CVE: CVE-2019-16786
CVE: CVE-2019-16785
Bugzilla: 1161670 VUL-0: CVE-2019-16792: python-waitress: request smuggling possible by sending the Content-Length header twice
Bugzilla: 1161089 VUL-0: CVE-2019-16786: python-waitress: HTTP request smuggling through invalid Transfer-Encoding
Bugzilla: 1161088 VUL-0: CVE-2019-16785: python-waitress: HTTP request smuggling through LF vs CRLF handling
Bugzilla: 1160790 VUL-0: CVE-2019-16789: python-waitress: HTTP Request Smuggling through Invalid whitespace characters

Packages

python-waitress-1.4.3-3.3.1