What Are You Looking For?

Popular Tags

Sign Up

   SUSE Security Update: Security update for python-Twisted
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2811-1
Rating:             important
References:         #1166457 #1166458 
Cross-References:   CVE-2020-10108 CVE-2020-10109
CVSS scores:
                    CVE-2020-10108 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-10108 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2020-10109 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-10109 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:
                    HPE Helion Openstack 8
                    SUSE Linux Enterprise High Performance Computing 12
                    SUSE Linux Enterprise Module for Web Scripting 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12
                    SUSE Linux Enterprise Server for SAP Applications 12-SP3
                    SUSE Linux Enterprise Server for SAP Applications 12-SP4
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE OpenStack Cloud 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for python-Twisted fixes the following issues:

   - CVE-2020-10108: Fixed an HTTP request smuggling issue (bsc#1166457).
   - CVE-2020-10109: Fixed an HTTP request smuggling issue (bsc#1166458).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2811=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2811=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2811=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2811=1

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-2811=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2022-2811=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      python-Twisted-15.2.1-9.20.1
      python-Twisted-debuginfo-15.2.1-9.20.1
      python-Twisted-debugsource-15.2.1-9.20.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      python-Twisted-15.2.1-9.20.1
      python-Twisted-debuginfo-15.2.1-9.20.1
      python-Twisted-debugsource-15.2.1-9.20.1

   - SUSE OpenStack Cloud 9 (x86_64):

      python-Twisted-15.2.1-9.20.1
      python-Twisted-debuginfo-15.2.1-9.20.1
      python-Twisted-debugsource-15.2.1-9.20.1

   - SUSE OpenStack Cloud 8 (x86_64):

      python-Twisted-15.2.1-9.20.1
      python-Twisted-debuginfo-15.2.1-9.20.1
      python-Twisted-debugsource-15.2.1-9.20.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

      python-Twisted-15.2.1-9.20.1
      python-Twisted-debuginfo-15.2.1-9.20.1
      python-Twisted-debugsource-15.2.1-9.20.1

   - HPE Helion Openstack 8 (x86_64):

      python-Twisted-15.2.1-9.20.1
      python-Twisted-debuginfo-15.2.1-9.20.1
      python-Twisted-debugsource-15.2.1-9.20.1


References:

   https://www.suse.com/security/cve/CVE-2020-10108.html
   https://www.suse.com/security/cve/CVE-2020-10109.html
   https://bugzilla.suse.com/1166457
   https://bugzilla.suse.com/1166458

SUSE: 2022:2811-1 important: python-Twisted

August 16, 2022
An update that fixes two vulnerabilities is now available

Summary

This update for python-Twisted fixes the following issues: - CVE-2020-10108: Fixed an HTTP request smuggling issue (bsc#1166457). - CVE-2020-10109: Fixed an HTTP request smuggling issue (bsc#1166458). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2811=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2811=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2811=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2811=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-2811=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2811=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 - SUSE OpenStack Cloud 9 (x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 - SUSE OpenStack Cloud 8 (x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 - HPE Helion Openstack 8 (x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1

References

#1166457 #1166458

Cross- CVE-2020-10108 CVE-2020-10109

CVSS scores:

CVE-2020-10108 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2020-10108 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2020-10109 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2020-10109 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

HPE Helion Openstack 8

SUSE Linux Enterprise High Performance Computing 12

SUSE Linux Enterprise Module for Web Scripting 12

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server for SAP Applications 12

SUSE Linux Enterprise Server for SAP Applications 12-SP3

SUSE Linux Enterprise Server for SAP Applications 12-SP4

SUSE Linux Enterprise Server for SAP Applications 12-SP5

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud Crowbar 9

https://www.suse.com/security/cve/CVE-2020-10108.html

https://www.suse.com/security/cve/CVE-2020-10109.html

https://bugzilla.suse.com/1166457

https://bugzilla.suse.com/1166458

Severity
Announcement ID: SUSE-SU-2022:2811-1
Rating: important

Related News

Severe Chromium DoS, Info Disclosure Vulns Fixed

Sep 30, 2023

Critical Node.js Info Disclosure, Code Execution Bugs Fixed

Sep 23, 2023

GitHub Makes Passkeys Security Feature Available to All

Sep 27, 2023

Remotely Exploitable Poppler DoS Bugs Fixed - Update Now!

Sep 22, 2023

News

Advisories

HOWTOs

Features

Everything You Need to Know About Linux Proxy Servers
Simple Steps for Identifying & Troubleshooting a Kernel Panic
Linux Endpoint Detection and Response (EDR): A Crucial Part of a Successful Cybersecurity Strategy
Supercharging Linux: Tips & Tricks to Beat the Threat Landscape
LinuxSecurity.com Migrates to Joomla 4 and PHP 8: Our Experience & Key Takeaways

About Us

Powered By

Footer Logo

Feedback