An update for apache-mina is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1435
Final 1.0 1.0 2021-11-19 Initial 2021-11-19 2021-11-19 openEuler SA Tool V1.0 2021-11-19

apache-mina security update

Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO.

Security Fix(es):

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater. (CVE-2021-41973)

openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity: Medium
Affected component: apache-mina

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1435
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-41973
https://nvd.nist.gov/vuln/detail/CVE-2021-41973

Affected products:
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2

Packages:
apache-mina-2.0.21-2.oe1.noarch.rpm
apache-mina-javadoc-2.0.21-2.oe1.noarch.rpm
apache-mina-mina-core-2.0.21-2.oe1.noarch.rpm
apache-mina-mina-filter-compression-2.0.21-2.oe1.noarch.rpm
apache-mina-mina-http-2.0.21-2.oe1.noarch.rpm
apache-mina-mina-statemachine-2.0.21-2.oe1.noarch.rpm
apache-mina-2.0.21-2.oe1.src.rpm

CVE-2021-41973 (2021-11-19)
Products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2
Severity: Medium
CVSS base score: 6.5
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

apache-mina security update, 2021-11-19: https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1435