Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-29946
Acknowledgments: Name: the Mozilla project Upstream: Frederik Braun
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1353 https://access.redhat.com/errata/RHSA-2021:1353
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:1351 https://access.redhat.com/errata/RHSA-2021:1351
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:1352 https://access.redhat.com/errata/RHSA-2021:1352
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:1350 https://access.redhat.com/errata/RHSA-2021:1350
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-29946
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:1362 https://access.redhat.com/errata/RHSA-2021:1362
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1360 https://access.redhat.com/errata/RHSA-2021:1360
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:1361 https://access.redhat.com/errata/RHSA-2021:1361
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:1363 https://access.redhat.com/errata/RHSA-2021:1363