SUSE-SU-2022:0499-1

Опубликовано: 18 фев. 2022

Источник: suse-cvrf

Описание

Security update for python-Twisted

This update for python-Twisted fixes the following issues:

CVE-2022-21712: Fixed secret exposure in cross-origin redirects by properly removing sensitive headers when redirecting to a different origin (bsc#1195667).

Список пакетов

Image SLES15-SP3-BYOS-Azure

python3-Twisted-19.10.0-3.6.1

Image SLES15-SP3-HPC-BYOS-Azure

python3-Twisted-19.10.0-3.6.1

Image SLES15-SP3-SAP-BYOS-Azure

python3-Twisted-19.10.0-3.6.1

Image SLES15-SP3-SAPCAL-Azure

python3-Twisted-19.10.0-3.6.1

SUSE Enterprise Storage 7

python3-Twisted-19.10.0-3.6.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

python3-Twisted-19.10.0-3.6.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

python3-Twisted-19.10.0-3.6.1

SUSE Linux Enterprise Module for Package Hub 15 SP3

python3-Twisted-19.10.0-3.6.1

SUSE Linux Enterprise Module for Server Applications 15 SP3

python3-Twisted-19.10.0-3.6.1

SUSE Linux Enterprise Real Time 15 SP2

python3-Twisted-19.10.0-3.6.1

SUSE Linux Enterprise Server 15 SP2-BCL

python3-Twisted-19.10.0-3.6.1

SUSE Linux Enterprise Server 15 SP2-LTSS

python3-Twisted-19.10.0-3.6.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

python3-Twisted-19.10.0-3.6.1

SUSE Manager Proxy 4.1

python3-Twisted-19.10.0-3.6.1

SUSE Manager Retail Branch Server 4.1

python3-Twisted-19.10.0-3.6.1

SUSE Manager Server 4.1

python3-Twisted-19.10.0-3.6.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20220499-1/
Link for SUSE-SU-2022:0499-1
https://lists.suse.com/pipermail/sle-security-updates/2022-February/010263.html
E-Mail link for SUSE-SU-2022:0499-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1195667
SUSE Bug 1195667
https://www.suse.com/security/cve/CVE-2022-21712/
SUSE CVE CVE-2022-21712 page

Описание

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.

Затронутые продукты

Image SLES15-SP3-BYOS-Azure:python3-Twisted-19.10.0-3.6.1

Image SLES15-SP3-HPC-BYOS-Azure:python3-Twisted-19.10.0-3.6.1

Image SLES15-SP3-SAP-BYOS-Azure:python3-Twisted-19.10.0-3.6.1

Image SLES15-SP3-SAPCAL-Azure:python3-Twisted-19.10.0-3.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-21712.html
CVE-2022-21712
https://bugzilla.suse.com/1195667
SUSE Bug 1195667

SUSE-SU-2022:0499-1

Описание

Список пакетов

Image SLES15-SP3-BYOS-Azure

Image SLES15-SP3-HPC-BYOS-Azure

Image SLES15-SP3-SAP-BYOS-Azure

Image SLES15-SP3-SAPCAL-Azure

SUSE Enterprise Storage 7

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise Module for Package Hub 15 SP3

SUSE Linux Enterprise Module for Server Applications 15 SP3

SUSE Linux Enterprise Real Time 15 SP2

SUSE Linux Enterprise Server 15 SP2-BCL

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP2

SUSE Manager Proxy 4.1

SUSE Manager Retail Branch Server 4.1

SUSE Manager Server 4.1

Ссылки

Уязвимость: CVE-2022-21712

Описание

Затронутые продукты

Ссылки