
Ubuntu 14.04 ESM USN-4308-2 Moderate: Twisted Header Injection

March 30, 2020

Summary

Several security issues were fixed in Twisted.

Software Description:

- twisted: Event-based framework for internet applications

Details:

USN-4308-1 fixed several vulnerabilities in Twisted. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Twisted incorrectly validated or sanitized certain
URIs or HTTP methods. A remote attacker could use this issue to inject
invalid characters and possibly perform header injection attacks.
(CVE-2019-12387)

It was discovered that Twisted incorrectly verified XMPP TLS certificates.
A remote attacker could possibly use this issue to perform a
man-in-the-middle attack and obtain sensitive information. (CVE-2019-12855)

Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled
certain content-length headers. A remote attacker could possibly use this
issue to perform HTTP request splitting attacks. (CVE-2020-10108,
CVE-2020-10109)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  python-twisted                  13.2.0-1ubuntu1.2+esm1
  python-twisted-bin              13.2.0-1ubuntu1.2+esm1
  python-twisted-web              13.2.0-1ubuntu1.2+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4308-2

https://ubuntu.com/security/notices/USN-4308-1

CVE-2019-12387, CVE-2019-12855, CVE-2020-10108, CVE-2020-10109

Severity
important
