Description
Security update for python-Twisted
This update for python-Twisted fixes the following issues:
- CVE-2022-21716: Fixed an issue where the SSH server accepts an infinite amount of data, using all the available memory (bsc#1196739).
Package list
HPE Helion OpenStack 8
python-Twisted-15.2.1-9.17.1
SUSE Linux Enterprise Module for Web and Scripting 12
python-Twisted-15.2.1-9.17.1
SUSE OpenStack Cloud 8
python-Twisted-15.2.1-9.17.1
SUSE OpenStack Cloud 9
python-Twisted-15.2.1-9.17.1
SUSE OpenStack Cloud Crowbar 8
python-Twisted-15.2.1-9.17.1
SUSE OpenStack Cloud Crowbar 9
python-Twisted-15.2.1-9.17.1
References
- Link for SUSE-SU-2022:2117-1
- E-Mail link for SUSE-SU-2022:2117-1
- SUSE Security Ratings
- SUSE Bug 1196739
- SUSE CVE CVE-2022-21716 page
Description
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.
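The defensive pattern for this class of bug is to bound what is buffered while waiting for the peer's version identifier. The following is an added example, not Twisted's code or the 22.2.0 patch: the class name and the `MAX_PREAMBLE` cap are assumptions, while the 255-byte identifier limit comes from RFC 4253 section 4.2.

```python
# Added example (not Twisted's implementation): bounded buffering of the
# peer's SSH version identifier, so a stream with no newline cannot grow
# the receive buffer without limit.
MAX_IDENT_LINE = 255  # RFC 4253 section 4.2: identifier incl. CR LF
MAX_PREAMBLE = 4096   # assumption: bytes tolerated before the identifier


class VersionIdentError(Exception):
    """Peer exceeded a limit; the caller should drop the connection."""


class VersionIdentReader:
    def __init__(self):
        self._buf = b""
        self._discarded = 0  # bytes of pre-identifier lines already dropped
        self.ident = None    # set once the "SSH-" line has arrived
        self.rest = b""      # bytes following the identifier (key exchange)

    def feed(self, data: bytes) -> bool:
        """Consume peer bytes; return True once the identifier is known."""
        if self.ident is not None:
            self.rest += data
            return True
        self._buf += data
        while b"\n" in self._buf:
            line, self._buf = self._buf.split(b"\n", 1)
            if line.startswith(b"SSH-"):
                if len(line) + 1 > MAX_IDENT_LINE:
                    raise VersionIdentError("identifier line too long")
                self.ident = line.rstrip(b"\r")
                self.rest, self._buf = self._buf, b""
                return True
            # Lines before the identifier are dropped but still counted.
            self._discarded += len(line) + 1
        # No identifier yet: refuse to keep buffering past the cap. This is
        # the check whose absence lets /dev/zero exhaust memory.
        if self._discarded + len(self._buf) > MAX_PREAMBLE:
            raise VersionIdentError("no version identifier within limit")
        return False
```

On `VersionIdentError` the transport should close the connection rather than continue reading.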
Affected products
HPE Helion OpenStack 8:python-Twisted-15.2.1-9.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:python-Twisted-15.2.1-9.17.1
SUSE OpenStack Cloud 8:python-Twisted-15.2.1-9.17.1
SUSE OpenStack Cloud 9:python-Twisted-15.2.1-9.17.1
References
- CVE-2022-21716
- SUSE Bug 1196739