An update for apache-mina is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1435
Final
1.0
1.0
2021-11-19
Initial
2021-11-19
2021-11-19
openEuler SA Tool V1.0
2021-11-19
apache-mina security update
An update for apache-mina is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.
Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO.
Security Fix(es):
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater. (CVE-2021-41973)
An update for apache-mina is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.
openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Medium
apache-mina
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1435
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-41973
https://nvd.nist.gov/vuln/detail/CVE-2021-41973
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
apache-mina-mina-filter-compression-2.0.21-2.oe1.noarch.rpm
apache-mina-javadoc-2.0.21-2.oe1.noarch.rpm
apache-mina-mina-http-2.0.21-2.oe1.noarch.rpm
apache-mina-mina-statemachine-2.0.21-2.oe1.noarch.rpm
apache-mina-mina-core-2.0.21-2.oe1.noarch.rpm
apache-mina-2.0.21-2.oe1.noarch.rpm
apache-mina-2.0.21-2.oe1.noarch.rpm
apache-mina-mina-statemachine-2.0.21-2.oe1.noarch.rpm
apache-mina-mina-http-2.0.21-2.oe1.noarch.rpm
apache-mina-mina-core-2.0.21-2.oe1.noarch.rpm
apache-mina-javadoc-2.0.21-2.oe1.noarch.rpm
apache-mina-mina-filter-compression-2.0.21-2.oe1.noarch.rpm
apache-mina-2.0.21-2.oe1.src.rpm
apache-mina-2.0.21-2.oe1.src.rpm
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.
2021-11-19
CVE-2021-41973
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
apache-mina security update
2021-11-19
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1435