SUSE-SU-2017:0114-1

Опубликовано: 12 янв. 2017

Источник: suse-cvrf

Описание

Security update for python-Twisted

This update for python-Twisted fixes the following issues:

CVE-2016-1000111: sets environmental variable HTTP_PROXY based on user supplied Proxy request header (bsc#989997)

Список пакетов

SUSE Enterprise Storage 3

python-Twisted-15.2.1-8.1

SUSE Enterprise Storage 4

python-Twisted-15.2.1-8.1

SUSE Linux Enterprise Module for Web and Scripting 12

python-Twisted-15.2.1-8.1

Ссылки

https://www.suse.com/support/update/announcement/2017/suse-su-20170114-1/
Link for SUSE-SU-2017:0114-1
https://lists.suse.com/pipermail/sle-security-updates/2017-January/002557.html
E-Mail link for SUSE-SU-2017:0114-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/989997
SUSE Bug 989997
https://www.suse.com/security/cve/CVE-2016-1000111/
SUSE CVE CVE-2016-1000111 page

Описание

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Затронутые продукты

SUSE Enterprise Storage 3:python-Twisted-15.2.1-8.1

SUSE Enterprise Storage 4:python-Twisted-15.2.1-8.1

SUSE Linux Enterprise Module for Web and Scripting 12:python-Twisted-15.2.1-8.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-1000111.html
CVE-2016-1000111
https://bugzilla.suse.com/989997
SUSE Bug 989997

SUSE-SU-2017:0114-1

Описание

Список пакетов

SUSE Enterprise Storage 3

SUSE Enterprise Storage 4

SUSE Linux Enterprise Module for Web and Scripting 12

Ссылки

Уязвимость: CVE-2016-1000111

Описание

Затронутые продукты

Ссылки