Updated python-twisted packages fix security vulnerabilities
Publication date: 21 Nov 2020
Modification date: 21 Nov 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-10108, CVE-2020-10109
Description
Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks (CVE-2020-10108, CVE-2020-10109).
References
- https://bugs.mageia.org/show_bug.cgi?id=26355
- https://ubuntu.com/security/notices/USN-4308-1
- https://access.redhat.com/errata/RHSA-2020:1561
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
- https://know.bishopfox.com/advisories/twisted-version-19.10.0
- https://www.debian.org/lts/security/2020/dla-2145
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109
SRPMS
7/core
- python-twisted-19.2.1-1.2.mga7