Advisories ยป MGASA-2019-0360

Updated python-twisted packages fix security vulnerabilities

Publication date: 06 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-12387 , CVE-2019-12855

Description

Updated python-twisted packages fix security vulnerabilities:

Improper sanitization of URIs or HTTP which could allow attackers to
perform CRLF attacks (CVE-2019-12387).

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP
support did not verify certificates when used with TLS, allowing an
attacker to MITM connections (CVE-2019-12855).
                

References

SRPMS

7/core