Advisories » MGASA-2019-0360

Updated python-twisted packages fix security vulnerabilities

Publication date: 06 Dec 2019
Modification date: 06 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-12387 , CVE-2019-12855

Description

Updated python-twisted packages fix security vulnerabilities:

Improper sanitization of URIs or HTTP which could allow attackers to
perform CRLF attacks (CVE-2019-12387).

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP
support did not verify certificates when used with TLS, allowing an
attacker to MITM connections (CVE-2019-12855).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25752
• https://lists.opensuse.org/opensuse-updates/2019-07/msg00089.html
• https://lists.opensuse.org/opensuse-updates/2019-09/msg00028.html
• https://www.cve.org/CVERecord?id=CVE-2019-12387
• https://www.cve.org/CVERecord?id=CVE-2019-12855

SRPMS

7/core

• python-twisted-19.2.1-1.1.mga7