Description
Security update for python-Twisted
This update for python-Twisted fixes the following issues:
- CVE-2022-21716: Fixed an issue where the SSH server accepts an infinite amount of data, using all the available memory (bsc#1196739).
Package list
Image SLES15-SP3-BYOS-Azure
python3-Twisted-19.10.0-150200.3.12.1
Image SLES15-SP3-HPC-BYOS-Azure
python3-Twisted-19.10.0-150200.3.12.1
Image SLES15-SP3-SAP-BYOS-Azure
python3-Twisted-19.10.0-150200.3.12.1
Image SLES15-SP3-SAPCAL-Azure
python3-Twisted-19.10.0-150200.3.12.1
SUSE Enterprise Storage 7
python3-Twisted-19.10.0-150200.3.12.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
python3-Twisted-19.10.0-150200.3.12.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
python3-Twisted-19.10.0-150200.3.12.1
SUSE Linux Enterprise Module for Package Hub 15 SP3
python3-Twisted-19.10.0-150200.3.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP3
python3-Twisted-19.10.0-150200.3.12.1
SUSE Linux Enterprise Server 15 SP2-BCL
python3-Twisted-19.10.0-150200.3.12.1
SUSE Linux Enterprise Server 15 SP2-LTSS
python3-Twisted-19.10.0-150200.3.12.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
python3-Twisted-19.10.0-150200.3.12.1
SUSE Manager Proxy 4.1
python3-Twisted-19.10.0-150200.3.12.1
SUSE Manager Retail Branch Server 4.1
python3-Twisted-19.10.0-150200.3.12.1
SUSE Manager Server 4.1
python3-Twisted-19.10.0-150200.3.12.1
openSUSE Leap 15.3
python-Twisted-doc-19.10.0-150200.3.12.1
python2-Twisted-19.10.0-150200.3.12.1
python3-Twisted-19.10.0-150200.3.12.1
References
- Link for SUSE-SU-2022:2070-1
- E-Mail link for SUSE-SU-2022:2070-1
- SUSE Security Ratings
- SUSE Bug 1196739
- SUSE CVE CVE-2022-21716 page
Description
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations are able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.
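The following is an added illustration of a bounded read of the peer's version identifier, the kind of check whose absence the description above refers to; it is not Twisted's patch and not code from this advisory. The names `VersionReader` and `BannerTooLong` and the `MAX_PREAMBLE` cap are assumptions made for the example; the 255-byte line limit comes from RFC 4253, section 4.2.

```python
MAX_ID_LINE = 255    # RFC 4253 section 4.2: identifier line limit, CR LF included
MAX_PREAMBLE = 8192  # assumed cap on all bytes consumed before the identifier


class BannerTooLong(Exception):
    """Peer sent too much data without a complete SSH version identifier."""


class VersionReader:
    """Collects bytes until the peer's 'SSH-...' identifier line is complete."""

    def __init__(self):
        self.buf = b""
        self.seen = 0        # bytes consumed in complete lines so far
        self.version = None

    def feed(self, data: bytes):
        """Return leftover bytes once the identifier is known, else None.

        Raises BannerTooLong instead of buffering without limit; the caller
        is expected to drop the connection when that happens.
        """
        if self.version is not None:
            return data
        self.buf += data
        while True:
            line, sep, rest = self.buf.partition(b"\n")
            if not sep:
                # No newline yet: a partial line this long can never be valid.
                if len(self.buf) >= MAX_ID_LINE:
                    raise BannerTooLong("unterminated line too long")
                return None
            self.seen += len(line) + 1
            # Assumption: preamble lines get the same per-line limit.
            if len(line) + 1 > MAX_ID_LINE or self.seen > MAX_PREAMBLE:
                raise BannerTooLong("oversized data before identifier")
            self.buf = rest
            if line.startswith(b"SSH-"):
                self.version = line.rstrip(b"\r")
                self.buf = b""
                return rest
```
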
Affected products
Image SLES15-SP3-BYOS-Azure:python3-Twisted-19.10.0-150200.3.12.1
Image SLES15-SP3-HPC-BYOS-Azure:python3-Twisted-19.10.0-150200.3.12.1
Image SLES15-SP3-SAP-BYOS-Azure:python3-Twisted-19.10.0-150200.3.12.1
Image SLES15-SP3-SAPCAL-Azure:python3-Twisted-19.10.0-150200.3.12.1
References
- CVE-2022-21716
- SUSE Bug 1196739