
Ubuntu 4308-1: Critical Twisted Issues and Security Fixes

March 19, 2020
Critical patches fix several vulnerabilities in Twisted that affect Ubuntu 16.04 through 19.10; apply them promptly.

Summary

Several security issues were fixed in Twisted.

Software Description:

- twisted: Event-based framework for internet applications

Details:

It was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. (CVE-2019-12387)

It was discovered that Twisted incorrectly verified XMPP TLS certificates. A remote attacker could possibly use this issue to perform a man-in-the-middle attack and obtain sensitive information. (CVE-2019-12855)

It was discovered that Twisted incorrectly handled HTTP/2 connections. A remote attacker could possibly use this issue to cause Twisted to hang or consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-9512, CVE-2019-9514, CVE-2019-9515)

Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content...

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  python-twisted                  18.9.0-3ubuntu1.1
  python-twisted-bin              18.9.0-3ubuntu1.1
  python-twisted-web              18.9.0-3ubuntu1.1
  python3-twisted                 18.9.0-3ubuntu1.1
  python3-twisted-bin             18.9.0-3ubuntu1.1

Ubuntu 18.04 LTS:
  python-twisted                  17.9.0-2ubuntu0.1
  python-twisted-bin              17.9.0-2ubuntu0.1
  python-twisted-web              17.9.0-2ubuntu0.1
  python3-twisted                 17.9.0-2ubuntu0.1
  python3-twisted-bin             17.9.0-2ubuntu0.1

Ubuntu 16.04 LTS:
  python-twisted                  16.0.0-1ubuntu0.4
  python-twisted-bin              16.0.0-1ubuntu0.4
  python-twisted-web              16.0.0-1ubuntu0.4
  python3-twisted                 16.0.0-1ubuntu0.4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4308-1

CVE-2019-12387, CVE-2019-12855, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2020-10108, CVE-2020-10109

Severity

Critical
