An update for resteasy is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1483
Final
1.0
1.0
2022-01-07
Initial
2022-01-07
2022-01-07
openEuler SA Tool V1.0
2022-01-07
resteasy security update
An update for resteasy is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
Framework for RESTful Web services and Java applications.
Security Fix(es):
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. (CVE-2020-1695)
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
resteasy
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1483
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-1695
https://nvd.nist.gov/vuln/detail/CVE-2020-1695
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
resteasy-optional-3.0.19-5.oe1.noarch.rpm
resteasy-jackson2-provider-3.0.19-5.oe1.noarch.rpm
resteasy-multipart-provider-3.0.19-5.oe1.noarch.rpm
resteasy-jettison-provider-3.0.19-5.oe1.noarch.rpm
resteasy-json-p-provider-3.0.19-5.oe1.noarch.rpm
resteasy-netty3-3.0.19-5.oe1.noarch.rpm
resteasy-atom-provider-3.0.19-5.oe1.noarch.rpm
resteasy-yaml-provider-3.0.19-5.oe1.noarch.rpm
resteasy-jaxb-provider-3.0.19-5.oe1.noarch.rpm
resteasy-test-3.0.19-5.oe1.noarch.rpm
resteasy-javadoc-3.0.19-5.oe1.noarch.rpm
resteasy-3.0.19-5.oe1.noarch.rpm
resteasy-client-3.0.19-5.oe1.noarch.rpm
resteasy-jackson-provider-3.0.19-5.oe1.noarch.rpm
resteasy-validator-provider-11-3.0.19-5.oe1.noarch.rpm
resteasy-core-3.0.19-5.oe1.noarch.rpm
resteasy-optional-3.0.19-5.oe1.noarch.rpm
resteasy-jackson-provider-3.0.19-5.oe1.noarch.rpm
resteasy-json-p-provider-3.0.19-5.oe1.noarch.rpm
resteasy-yaml-provider-3.0.19-5.oe1.noarch.rpm
resteasy-core-3.0.19-5.oe1.noarch.rpm
resteasy-jaxb-provider-3.0.19-5.oe1.noarch.rpm
resteasy-multipart-provider-3.0.19-5.oe1.noarch.rpm
resteasy-jettison-provider-3.0.19-5.oe1.noarch.rpm
resteasy-javadoc-3.0.19-5.oe1.noarch.rpm
resteasy-client-3.0.19-5.oe1.noarch.rpm
resteasy-validator-provider-11-3.0.19-5.oe1.noarch.rpm
resteasy-atom-provider-3.0.19-5.oe1.noarch.rpm
resteasy-3.0.19-5.oe1.noarch.rpm
resteasy-jackson2-provider-3.0.19-5.oe1.noarch.rpm
resteasy-test-3.0.19-5.oe1.noarch.rpm
resteasy-netty3-3.0.19-5.oe1.noarch.rpm
resteasy-optional-3.0.19-5.oe1.noarch.rpm
resteasy-jackson-provider-3.0.19-5.oe1.noarch.rpm
resteasy-json-p-provider-3.0.19-5.oe1.noarch.rpm
resteasy-yaml-provider-3.0.19-5.oe1.noarch.rpm
resteasy-core-3.0.19-5.oe1.noarch.rpm
resteasy-jaxb-provider-3.0.19-5.oe1.noarch.rpm
resteasy-multipart-provider-3.0.19-5.oe1.noarch.rpm
resteasy-jettison-provider-3.0.19-5.oe1.noarch.rpm
resteasy-javadoc-3.0.19-5.oe1.noarch.rpm
resteasy-client-3.0.19-5.oe1.noarch.rpm
resteasy-validator-provider-11-3.0.19-5.oe1.noarch.rpm
resteasy-atom-provider-3.0.19-5.oe1.noarch.rpm
resteasy-3.0.19-5.oe1.noarch.rpm
resteasy-jackson2-provider-3.0.19-5.oe1.noarch.rpm
resteasy-test-3.0.19-5.oe1.noarch.rpm
resteasy-netty3-3.0.19-5.oe1.noarch.rpm
resteasy-3.0.19-5.oe1.src.rpm
resteasy-3.0.19-5.oe1.src.rpm
resteasy-3.0.19-5.oe1.src.rpm
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
2022-01-07
CVE-2020-1695
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
High
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
resteasy security update
2022-01-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1483