Advisories » MGASA-2021-0039

Updated resteasy packages fix a security vulnerability

Publication date: 17 Jan 2021
Modification date: 17 Jan 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-1695

Description

A flaw was found in Resteasy, where an improper input validation results in
returning an illegal header that integrates into the server's response. This
flaw may result in an injection, which leads to unexpected behavior when the
HTTP response is constructed (CVE-2020-1695).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27794
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1695

SRPMS

7/core

• resteasy-3.0.26-2.mga7