Описание
Security update for python-Twisted
This update for python-Twisted fixes the following issue:
Security issue fixed:
- CVE-2019-12387: Fixed an improper sanitization of URIs or HTTP which could have allowed attackers to perfrom CRLF attacks (bsc#1137825).
Список пакетов
HPE Helion OpenStack 8
python-Twisted-15.2.1-9.5.2
SUSE Enterprise Storage 4
python-Twisted-15.2.1-9.5.2
SUSE Enterprise Storage 5
python-Twisted-15.2.1-9.5.2
SUSE Linux Enterprise Module for Web and Scripting 12
python-Twisted-15.2.1-9.5.2
SUSE OpenStack Cloud 7
python-Twisted-15.2.1-9.5.2
SUSE OpenStack Cloud 8
python-Twisted-15.2.1-9.5.2
SUSE OpenStack Cloud 9
python-Twisted-15.2.1-9.5.2
SUSE OpenStack Cloud Crowbar 8
python-Twisted-15.2.1-9.5.2
SUSE OpenStack Cloud Crowbar 9
python-Twisted-15.2.1-9.5.2
Ссылки
- Link for SUSE-SU-2019:2066-1
- E-Mail link for SUSE-SU-2019:2066-1
- SUSE Security Ratings
- SUSE Bug 1137825
- SUSE CVE CVE-2019-12387 page
Описание
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
Затронутые продукты
HPE Helion OpenStack 8:python-Twisted-15.2.1-9.5.2
SUSE Enterprise Storage 4:python-Twisted-15.2.1-9.5.2
SUSE Enterprise Storage 5:python-Twisted-15.2.1-9.5.2
SUSE Linux Enterprise Module for Web and Scripting 12:python-Twisted-15.2.1-9.5.2
Ссылки
- CVE-2019-12387
- SUSE Bug 1137825