Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 436
Alerts This Week
Warning Icon 1 436

Ubuntu 21.10, 20.04 LTS: USN-5354-1 Moderate Twisted Security Issues

ubuntu
Calendar Grey March 30, 2022
Dist Ubuntu Esm H88
Multiple vulnerabilities identified in the Twisted framework for Ubuntu, impacting various versions. Urgent security patches advised.
Several security issues were fixed in Twisted.

Summary

Several security issues were fixed in Twisted.

Software Description:

- twisted: Event-based framework for internet applications

Details:

It was discovered that Twisted incorrectly filtered HTTP headers when

clients are being redirected to another origin. A remote attacker could

use this issue to obtain sensitive information. (CVE-2022-21712)

It was discovered that Twisted incorrectly processed SSH handshake data

on connection establishments. A remote attacker could use this issue to

cause Twisted to crash, resulting in a denial of service. (CVE-2022-21716)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
python3-twisted 20.3.0-7ubuntu1.1
python3-twisted-bin 20.3.0-7ubuntu1.1

Ubuntu 20.04 LTS:
python3-twisted 18.9.0-11ubuntu0.20.04.2
python3-twisted-bin 18.9.0-11ubuntu0.20.04.2

Ubuntu 18.04 LTS:
python-twisted 17.9.0-2ubuntu0.3
python-twisted-bin 17.9.0-2ubuntu0.3
python3-twisted 17.9.0-2ubuntu0.3
python3-twisted-bin 17.9.0-2ubuntu0.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5354-1

CVE-2022-21712, CVE-2022-21716

March 30, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.