Advisories » MGASA-2021-0136

Updated netty packages fix a security vulnerability

Publication date: 14 Mar 2021
Modification date: 14 Mar 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-21290

Description

When netty's multipart decoders are used local information disclosure can occur
via the local system temporary directory if temporary storing uploads on the
disk is enabled (CVE-2021-21290).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=28446
• https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290

SRPMS

8/core

• netty-4.1.51-1.1.mga8