MGASA-2020-0428 - Updated python-twisted packages fix security vulnerabilities

Publication date: 21 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0428.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-10108, CVE-2020-10109

Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain
content-length headers. A remote attacker could possibly use this issue to
perform HTTP request splitting attacks (CVE-2020-10108, CVE-2020-10109).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26355
- https://ubuntu.com/security/notices/USN-4308-1
- https://access.redhat.com/errata/RHSA-2020:1561
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
- https://know.bishopfox.com/advisories/twisted-version-19.10.0
- https://www.debian.org/lts/security/2020/dla-2145
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109

SRPMS:
- 7/core/python-twisted-19.2.1-1.2.mga7