Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 11 articles for you...
100

SUSE: 2024:1308-1 Important: Nodejs16 HTTP Request Smuggling Fix

* bsc#1222244 * bsc#1222384 Cross-References: * CVE-2024-27982 . # Security update for nodejs16 Announcement ID: SUSE-SU-2024:1308-1 Rating: important References: * bsc#1222244 * bsc#1222384 Cross-References: * CVE-2024-27982 * CVE-2024-27983 CVSS scores: * CVE-2024-27982 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2024-27983 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for nodejs16 fixes the following issues: * CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244) * CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-1308=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1308=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1308=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1308=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patchSUSE-SLE-Product-SLES_SAP-15-SP4-2024-1308=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1308=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * corepack16-16.20.2-150400.3.33.1 * nodejs16-debuginfo-16.20.2-150400.3.33.1 * nodejs16-16.20.2-150400.3.33.1 * npm16-16.20.2-150400.3.33.1 * nodejs16-debugsource-16.20.2-150400.3.33.1 * nodejs16-devel-16.20.2-150400.3.33.1 * openSUSE Leap 15.4 (noarch) * nodejs16-docs-16.20.2-150400.3.33.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * nodejs16-debuginfo-16.20.2-150400.3.33.1 * npm16-16.20.2-150400.3.33.1 * nodejs16-16.20.2-150400.3.33.1 * nodejs16-debugsource-16.20.2-150400.3.33.1 * nodejs16-devel-16.20.2-150400.3.33.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * nodejs16-docs-16.20.2-150400.3.33.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * nodejs16-debuginfo-16.20.2-150400.3.33.1 * npm16-16.20.2-150400.3.33.1 * nodejs16-16.20.2-150400.3.33.1 * nodejs16-debugsource-16.20.2-150400.3.33.1 * nodejs16-devel-16.20.2-150400.3.33.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * nodejs16-docs-16.20.2-150400.3.33.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * nodejs16-debuginfo-16.20.2-150400.3.33.1 * npm16-16.20.2-150400.3.33.1 * nodejs16-16.20.2-150400.3.33.1 * nodejs16-debugsource-16.20.2-150400.3.33.1 * nodejs16-devel-16.20.2-150400.3.33.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch) * nodejs16-docs-16.20.2-150400.3.33.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * nodejs16-debuginfo-16.20.2-150400.3.33.1 * npm16-16.20.2-150400.3.33.1 * nodejs16-16.20.2-150400.3.33.1 * nodejs16-debugsource-16.20.2-150400.3.33.1 *nodejs16-devel-16.20.2-150400.3.33.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * nodejs16-docs-16.20.2-150400.3.33.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * nodejs16-debuginfo-16.20.2-150400.3.33.1 * npm16-16.20.2-150400.3.33.1 * nodejs16-16.20.2-150400.3.33.1 * nodejs16-debugsource-16.20.2-150400.3.33.1 * nodejs16-devel-16.20.2-150400.3.33.1 * SUSE Manager Server 4.3 (noarch) * nodejs16-docs-16.20.2-150400.3.33.1 ## References: * https://www.suse.com/security/cve/CVE-2024-27982.html * https://www.suse.com/security/cve/CVE-2024-27983.html * https://bugzilla.suse.com/show_bug.cgi?id=1222244 * https://bugzilla.suse.com/show_bug.cgi?id=1222384 . Important patch released to fix two vulnerabilities in nodejs16 affecting various SUSE versions, improving overall system security.. SUSE Linux, Nodejs Security, HTTP Request Fix, System Integrity. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 16, 2024 Important SuSE
100

SUSE: 2024:0304-2 Moderate: Jetty9 HTTP Request Smuggling

* bsc#1217649 Cross-References: * CVE-2023-46589 . # Security update for tomcat10 Announcement ID: SUSE-SU-2024:0208-1 Rating: moderate References: * bsc#1217649 Cross-References: * CVE-2023-46589 CVSS scores: * CVE-2023-46589 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-46589 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * Web and Scripting Module 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for tomcat10 fixes the following issues: Updated to Tomcat 10.1.18 * CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649) Find the full release notes at: https://tomcat.apache.org/tomcat-9.0-doc/changelog.html ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-208=1 * Web and Scripting Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2024-208=1 ## Package List: * openSUSE Leap 15.5 (noarch) * tomcat10-el-5_0-api-10.1.18-150200.5.8.1 * tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1 * tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1 * tomcat10-embed-10.1.18-150200.5.8.1 * tomcat10-admin-webapps-10.1.18-150200.5.8.1 * tomcat10-docs-webapp-10.1.18-150200.5.8.1 * tomcat10-10.1.18-150200.5.8.1 * tomcat10-jsvc-10.1.18-150200.5.8.1 * tomcat10-lib-10.1.18-150200.5.8.1 * tomcat10-webapps-10.1.18-150200.5.8.1 * Web and Scripting Module 15-SP5 (noarch) * tomcat10-el-5_0-api-10.1.18-150200.5.8.1 * tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1 *tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1 * tomcat10-admin-webapps-10.1.18-150200.5.8.1 * tomcat10-10.1.18-150200.5.8.1 * tomcat10-lib-10.1.18-150200.5.8.1 * tomcat10-webapps-10.1.18-150200.5.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46589.html * https://bugzilla.suse.com/show_bug.cgi?id=1217649 . The latest patch for Tomcat10 by SUSE resolves an HTTP request smuggling flaw, improving overall security and stability of the system.. Tomcat Security Update, SUSE Security Patches, Request Smuggling Fix. . LinuxSecurity.com Team

Calendar%202 Jan 24, 2024 SuSE
100

SUSE: 2022:2811-1 Important: HTTP Request Fixes for Python-Twisted

An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2811-1 Rating: important References: #1166457 #1166458 Cross-References: CVE-2020-10108 CVE-2020-10109 CVSS scores: CVE-2020-10108 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-10108 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-10109 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-10109 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-Twisted fixes the following issues: - CVE-2020-10108: Fixed an HTTP request smuggling issue (bsc#1166457). - CVE-2020-10109: Fixed an HTTP request smuggling issue (bsc#1166458). PatchInstructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2811=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2811=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2811=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2811=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-2811=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2811=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 - SUSE OpenStack Cloud 9 (x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 - SUSE OpenStack Cloud 8 (x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 - HPE Helion Openstack 8 (x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 References: https://www.suse.com/security/cve/CVE-2020-10108.html https://www.suse.com/security/cve/CVE-2020-10109.html https://bugzilla.suse.com/1166457 https://bugzilla.suse.com/1166458 . This significant Red Hat release tackles urgent python-Django vulnerabilities along with a comprehensive remediation manual.. SUSE Linux, python-Twisted, security update, software patch, system vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Aug 16, 2022 Important SuSE
100

SUSE: 2022:2551-1 Important: nodejs16 Security Update for High Risks

An update that solves four vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for nodejs16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2551-1 Rating: important References: #1192489 #1201325 #1201326 #1201327 #1201328 Cross-References: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVSS scores: CVE-2022-32212 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-32212 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-32214 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32214 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-32215 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for nodejs16 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in--inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). The following non-security bug was fixed: - Add buildtime version check to determine if we need patched openssl Requires: or already in upstream. (bsc#1192489) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2551=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-2551=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs16-16.16.0-150300.7.6.2 nodejs16-debuginfo-16.16.0-150300.7.6.2 nodejs16-debugsource-16.16.0-150300.7.6.2 nodejs16-devel-16.16.0-150300.7.6.2 npm16-16.16.0-150300.7.6.2 - openSUSE Leap 15.3 (noarch): nodejs16-docs-16.16.0-150300.7.6.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs16-16.16.0-150300.7.6.2 nodejs16-debuginfo-16.16.0-150300.7.6.2 nodejs16-debugsource-16.16.0-150300.7.6.2 nodejs16-devel-16.16.0-150300.7.6.2 npm16-16.16.0-150300.7.6.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs16-docs-16.16.0-150300.7.6.2 References: https://www.suse.com/security/cve/CVE-2022-32212.html https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-32214.html https://www.suse.com/security/cve/CVE-2022-32215.html https://bugzilla.suse.com/1192489 https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1201326 https://bugzilla.suse.com/1201327 https://bugzilla.suse.com/1201328 . An important Debian Security Patch for python3 addresses significant concerns and resolves multiple security flaws.. nodejs16 Security Update, SUSE Patch, HTTP Request Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 26, 2022 Important SuSE
98

Red Hat: RHSA-2022-4930-01 Important: python-twisted-web HTTP Smuggling

An update for python-twisted-web is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: python-twisted-web security update Advisory ID: RHSA-2022:4930-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:4930 Issue date: 2022-06-07 CVE Names: CVE-2022-24801 ==================================================================== 1. Summary: An update for python-twisted-web is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Security Fix(es): * python-twisted: possible http request smuggling (CVE-2022-24801) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2073114 - CVE-2022-24801 python-twisted: possible http request smuggling 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: python-twisted-web-12.1.0-8.el7_9.src.rpm x86_64: python-twisted-web-12.1.0-8.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: python-twisted-web-12.1.0-8.el7_9.src.rpm x86_64: python-twisted-web-12.1.0-8.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: python-twisted-web-12.1.0-8.el7_9.src.rpm ppc64: python-twisted-web-12.1.0-8.el7_9.ppc64.rpm ppc64le: python-twisted-web-12.1.0-8.el7_9.ppc64le.rpm s390x: python-twisted-web-12.1.0-8.el7_9.s390x.rpm x86_64: python-twisted-web-12.1.0-8.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): Source: python-twisted-web-12.1.0-8.el7_9.src.rpm x86_64: python-twisted-web-12.1.0-8.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-24801 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYp9nTNzjgjWX9erEAQiTBA/+JnTivPHc4/LvkhCu/uco9d/j5kaTToTg YNFIFUbP+MxKEE2atTN83viXAxWm10Lxpjhz8plBVKYTwQVJMXw2HqfCA1bWq2Or AS1JTDfQHNW2pwW+OCNFYQJDilbtV5SrmfMOaCPSKjnEGPd8VSV+dyhjah+F5DXn qTqQPHFqMg4F35aQN35jLeVLr9VotUxO10qJ1NN7/cTpK6l61tmhJ2/0lnAZCnlE w5xsmuB/U6UpdD9aeA7l9oAxD8/xxo+Yf1ucDMXA1aMSCkYK6yirofXwSBeQwJIB ey+n1aXyJyRU1pNyaSwuZvwpmcWVCa/NaoLlpWF6fycbCXiLkJ+MGKVB8I8FhE57 Y+NfbQQmv2Gw/KmebBiLpCDQyEVb/lwnjBjXcrAw22Cgzi0C8/eGDEkjQlomZR/v aZaccxA+hJou+T3+p2NN/drHVYPENXXGMyqO/XIGYyBWs9evq5jsb3gBaJKnq3Cv Swis1okaVqJstyU1AVpnQRJF3xbWUop828zCp7GSj/XUNrUShKSkmbxNM4BNfufg X+GsxLzS1KzS4YWDcXBYGNPz+mp/w4gwE3ulLgYIPOfaYVlsGRelHxmGjutnPRHc XnPWFaYMt1hf7k7oHyXReWsOpNQW286EmaXKwdsga/klR+bxCe/nAPpD3KOUG2Ex eTDDjnvddsY=WKE/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Crucial Security Announcement from Red Hat regarding python-twisted-web. Essential upgrade required to mitigate possible vulnerabilities.. Red Hat Security Advisory, Python Twisted Update, Security Management. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 07, 2022 Important Red Hat
197

Debian Stretch DLA-2991-1 Critical: Twisted Request Smuggling

The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-2991-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Stefano Rivera May 03, 2022 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : twisted Version : 16.6.0-2+deb9u3 CVE ID : CVE-2022-24801 Debian Bug : 1009030 The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. For Debian 9 stretch, this problem has been fixed in version 16.6.0-2+deb9u3. We recommend that you upgrade your twisted packages. For the detailed security status of twisted please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/twisted Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Enhance Twisted Web to resolve HTTP request interpretation problem causing discrepancy. Recommendation DLA-2991-1 outlines essential procedures.. Twisted Web, HTTP Request Smuggling, Debian Security Advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 03, 2022 Critical Debian LTS
98

Red Hat OpenStack 16.1: RHSA-2022:1646-01 Important: Http Request Smuggling

An update for python-twisted is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenStack Platform 16.1 (python-twisted) security update Advisory ID: RHSA-2022:1646-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:1646 Issue date: 2022-04-28 CVE Names: CVE-2022-24801 ==================================================================== 1. Summary: An update for python-twisted is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 16.1 - ppc64le, x86_64 3. Description: Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat servers, mail servers and more. Security Fix(es): * possible http request smuggling (CVE-2022-24801) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2073114 - CVE-2022-24801 python-twisted: possible http request smuggling 6. Package List: Red Hat OpenStack Platform16.1: Source: python-twisted-16.4.1-20.el8ost.src.rpm ppc64le: python-twisted-debugsource-16.4.1-20.el8ost.ppc64le.rpm python3-twisted-16.4.1-20.el8ost.ppc64le.rpm python3-twisted-debuginfo-16.4.1-20.el8ost.ppc64le.rpm x86_64: python-twisted-debugsource-16.4.1-20.el8ost.x86_64.rpm python3-twisted-16.4.1-20.el8ost.x86_64.rpm python3-twisted-debuginfo-16.4.1-20.el8ost.x86_64.rpm Red Hat OpenStack Platform 16.1: Source: python-twisted-16.4.1-20.el8ost.src.rpm ppc64le: python-twisted-debugsource-16.4.1-20.el8ost.ppc64le.rpm python3-twisted-16.4.1-20.el8ost.ppc64le.rpm python3-twisted-debuginfo-16.4.1-20.el8ost.ppc64le.rpm x86_64: python-twisted-debugsource-16.4.1-20.el8ost.x86_64.rpm python3-twisted-16.4.1-20.el8ost.x86_64.rpm python3-twisted-debuginfo-16.4.1-20.el8ost.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-24801 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYmwiZ9zjgjWX9erEAQgJpg//Q2UY3N6NPPEw3UjHUNqLog8oQb3+AM3T ovW4KJS74Ca/TM/g8FEiO0eTfOl3qMA6ucDHHew5W/T4xb3sPozHXz2pIVPoV+zu 5jek6ZmaI0usbD2znHxx/TvhfU9OhbtgVuRFHJolpeiEc1bvkFNNflK4IZL1Yej9 evIiREOnl4P9Q40G0q8Wl8eVYOyIZbhP7qNHZCobHFRM86F6VQVcS6lCm8xsPId5 l1v9cNA7zY5z/UetPEGFQcxdYL2lBibKU5fu6NM1dQTVRb978Avx7VanIIgsbraC 0jKoEJj9bO+1ijfQwf9AgW5ILjp+KEWzrZWF9hsckFsgGp+NnV3lGC/pdkSWkgcw 5jqPDlWJ4qq1u1+N11+O55qXYEednJQfAHsjxM5XpoqkQ+HB8wapJGI4w//TN7Xk g9X3zM9yj5onaMeaUXtPiHYgXDmg4KggKA4hHckgs2MOVd74YHSx5eftnqKfJzNa NjMQbVKhjqRM8d3jj8Kh4aRWpYEDqxG3olDYO2kD3VRWK2OnpMSzoJMVF54HO3O9 k2z3WADoo6OgjasOPNqj/+qRuAFcgacNWx+rXm0vHjad5XlQM8IkQxWWZQlIB/rZ /FXu8PIWNUfYBjh3+Uo7lAUoHh1S42xVtiGC0TfuGdGTwNtM9kZM6ujS0PRKf2Nw ZnjznEuoBGU=jfAF -----ENDPGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://listman.redhat.com/mailman/listinfo/rhsa-announce . The latest Red Hat OpenStack Platform 16.1 release addresses a significant vulnerability in python-twisted. Users are recommended to perform the update.. Red Hat OpenStack, python-twisted update, security advisory Red Hat, important security update, OpenStack security fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 29, 2022 Important Red Hat
98

Red Hat OpenStack 16.2: RHSA-2022-1645-01 Important: Http Request Smuggling

An update for python-twisted is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenStack Platform 16.2 (python-twisted) security update Advisory ID: RHSA-2022:1645-02 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:1645 Issue date: 2022-04-28 CVE Names: CVE-2022-24801 ==================================================================== 1. Summary: An update for python-twisted is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 16.2 - ppc64le, x86_64 3. Description: Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat servers, mail servers and more. Security Fix(es): * possible http request smuggling (CVE-2022-24801) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2073114 - CVE-2022-24801 python-twisted: possible http request smuggling 6. Package List: Red Hat OpenStack Platform16.2: Source: python-twisted-16.4.1-20.el8ost.src.rpm ppc64le: python-twisted-debugsource-16.4.1-20.el8ost.ppc64le.rpm python3-twisted-16.4.1-20.el8ost.ppc64le.rpm python3-twisted-debuginfo-16.4.1-20.el8ost.ppc64le.rpm x86_64: python-twisted-debugsource-16.4.1-20.el8ost.x86_64.rpm python3-twisted-16.4.1-20.el8ost.x86_64.rpm python3-twisted-debuginfo-16.4.1-20.el8ost.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-24801 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYmu7FNzjgjWX9erEAQhxtQ//UlvSrTbA7tD0YMy0oiex2Uvbjgl586PE t7A2LB0Q6wPQeA+42j6aoty6/inusb+h0ob11gukM9akZDEZUt36aqQpBZxNBULI kI+8k0RjpR3bp/BjylcwE9hrYfNvHqBsZrS/4llZH/YE2NOYUs2YQaRo2Lh2oFGw iCgjXk2SxE3NFGwrjsgAd87tq+hLmaIkjNLNGTKNYyy94mWMSyVJidTbYzoGt+1T kwFf9aUYiIz4RnBFavWOCoqGInV64jzKQSuCDij5htbNG9t9Vjvntv5u0HCjF/Ot DXKzzk4WlWc+P5bMNLkWnIKZJcXdr9pgMdZBWwzy35zG3YHvGMTuBdJicMkq8hTP jdu2zhb1d2EQKiWPwAOdCZzySBI4myyJBTHxZKj6fQ5CIWLJzes0SIbVNAebac+p 0aMOjQ+M1GOE1O9wxhn+Daqo4AkdDWRvfQk554JNIQCwtfmPL23rfThZzze+I08f HI/zrToHbMvXNwiOSf9eM8SzpoeIP92cq2P9OULP3tLxggq/4S8RbaDn/jiakUQk OnMaqJzJn///xdwpM6iKtGo6v3X9/+rIAkXpIivUI0t4Tbk6n6HmZQRrwjZT5i4t KBFTqncZagZlIa0yD87wJcwcxgoAdZ6vJUoUqhk+8oLh5kh3P00bZyDlt/71RYvd DTSkkumsGJU=1DjP -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://listman.redhat.com/mailman/listinfo/rhsa-announce . Canonical revealed a significant upgrade for Ubuntu Cloud 22.04 tackling a critical vulnerability in the python-asyncio module.. Red Hat OpenStack, python-twisted, important update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 29, 2022 Important Red Hat
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200