Lucene search
SuseOPENSUSE-SU-2020:1922-1HistoryNov 15, 2020 - 12:00 a.m.
Security update for python-waitress (moderate)
2020-11-1500:00:00
lists.opensuse.org
13
0.021 Low
EPSS
Percentile
89.1%
An update that fixes four vulnerabilities is now available.
Description:
This update for python-waitress to 1.4.3 fixes the following security
issues:
- CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling
(bsc#1161088). - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding
(bsc#1161089). - CVE-2019-16789: HTTP request smuggling through invalid whitespace
characters (bsc#1160790). - CVE-2019-16792: HTTP request smuggling by sending the Content-Length
header twice (bsc#1161670).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-1922=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 15.1 | noarch | < - openSUSE Leap 15.1 (noarch): | - openSUSE Leap 15.1 (noarch):.noarch.rpm |
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:3269-1)
2021-04-19 00:00:00
Debian: Security Advisory (DLA-3000-1)
2022-05-13 00:00:00
Huawei EulerOS: Security Advisory for python-waitress (EulerOS-SA-2020-1879)
2020-08-31 00:00:00
nessus
nessus
openSUSE Security Update : python-waitress (openSUSE-2020-1911)
2020-11-17 00:00:00
openSUSE Security Update : python-waitress (openSUSE-2020-1922)
2020-11-17 00:00:00
Debian DLA-3000-1 : waitress - LTS security update
2022-05-13 00:00:00
suse
suse
Security update for python-waitress (moderate)
2020-11-14 00:00:00
mageia
mageia
Updated python-waitress packages fix security vulnerabilities
2020-02-13 13:49:00
fedora
fedora
[SECURITY] Fedora 31 Update: python-waitress-1.4.3-1.fc31
2020-02-26 17:59:33
[SECURITY] Fedora 30 Update: python-waitress-1.4.3-1.fc30
2020-02-25 14:39:38
osv
osv
waitress - security update
2022-05-12 00:00:00
Inconsistent Interpretation of HTTP Requests in Waitress
2022-05-24 17:07:06
PYSEC-2020-178
2020-01-22 19:15:00
debian
debian
[SECURITY] [DLA 3000-1] waitress security update
2022-05-12 21:44:22
redhat
redhat
(RHSA-2020:0720) Low: python-waitress security update
2020-03-05 10:19:12
(RHSA-2021:0420) Moderate: Red Hat Quay v3.4.0 security update
2021-02-04 16:10:17
veracode
veracode
HTTP Request Smuggling
2019-12-27 02:11:39
HTTP Request Smuggling
2020-01-23 02:38:54
CRLF Injection
2019-12-23 03:01:06
cvelist
cvelist
nvd
nvd
prion
prion
Design/Logic Flaw
2019-12-20 23:15:00
Information disclosure
2019-12-26 17:15:00
Design/Logic Flaw
2020-01-22 19:15:00
github
github
HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up)
2020-01-06 18:44:21
HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress
2019-12-20 23:04:18
HTTP Request Smuggling: LF vs CRLF handling in Waitress
2019-12-20 23:03:57
cve
cve
debiancve
debiancve
ubuntucve
ubuntucve
alpinelinux
alpinelinux
redhatcve
redhatcve
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00