Updated python-twisted packages fix security vulnerabilities
Publication date: 06 Dec 2019Modification date: 06 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-12387 , CVE-2019-12855
Description
Updated python-twisted packages fix security vulnerabilities:
Improper sanitization of URIs or HTTP which could allow attackers to
perform CRLF attacks (CVE-2019-12387).
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP
support did not verify certificates when used with TLS, allowing an
attacker to MITM connections (CVE-2019-12855).
References
- https://bugs.mageia.org/show_bug.cgi?id=25752
- https://lists.opensuse.org/opensuse-updates/2019-07/msg00089.html
- https://lists.opensuse.org/opensuse-updates/2019-09/msg00028.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12387
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12855
SRPMS
7/core
- python-twisted-19.2.1-1.1.mga7